admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '659fc2074a'
${ noResults }
Deploiement_Server/deployment-apps/Splunk_Security_Essentials/lookups/UC_ransomware_notes.csv

4.9 MiB
Raw Blame History 

"_time",host,Image,TargetFilename,EventCode
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\@Please_Read_Me@.txt",2
"2017-05-22T00:01:00.000+0000","carlos-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\@Please_Read_Me@.txt",2
"2017-05-22T00:06:00.000+0000","alice-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\@Please_Read_Me@.txt",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\3389.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\D7E0.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\zlib1.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\tor.exe",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\ssleay32.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\libssp-0.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\libgcc_s_sjlj-1.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\libevent_extra-2-0-5.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\libevent_core-2-0-5.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\libevent-2-0-5.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\@WanaDecryptor@.exe","C:\ProgramData\wnlvipnvf933\TaskData\Tor\libeay32.dll",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\add-on-for-microsoft-sysmon_600\add-on-for-microsoft-sysmon_600\TA-microsoft-sysmon\lookups\eventcode.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@youtube[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.msn[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.linkedin[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.googleadservices[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.bing[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@scorecardresearch[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@msn[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@microsoft[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@linkedin[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@google[5].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@google[3].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@google[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@google[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@doubleclick[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@c1.microsoft[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@c.msn[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@c.bing[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@bing[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@atwola[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@at.atwola[1].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@api.bing[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@advertising[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@adnxs[2].txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app_redirect.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_pressed.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_maximize.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_hover.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button_close.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\topbar_floating_button.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_16.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_0_28f4e16149fa7fd7a16a4ec2db742327ef0383d_cab_041043eb\client_manifest.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\images\ajax-loader.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_highlight-soft_75_cccccc_1x100.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_glass_95_fef1ec_1x400.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_glass_75_e6e6e6_1x400.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_glass_75_dadada_1x400.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_glass_65_ffffff_1x400.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_glass_55_fbf9ee_1x400.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_flat_75_ffffff_40x100.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-bg_flat_0_aaaaaa_40x100.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\lookups\stream_app_lookup.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\README.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\add-on-for-microsoft-sysmon_600\add-on-for-microsoft-sysmon_600.tar.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\Sysmon.zip.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\add-on-for-microsoft-sysmon_600.tgz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows\Caches\cversions.1.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Internet Explorer\brndlog.bak.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cloud_route_details\view.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\chromecast_logo_grey.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_setup\cast_app.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_webrtc.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_hangouts.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_common.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\mirroring_cast_streaming.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\feedback_script.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\common.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_sender.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_route_details.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\cast_game_sender.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\background_script.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\angular.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\icon_128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images\flapper.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_window.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\craw_background.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\IconCache.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows\Caches\{9B1553D2-7743-4D03-B854-0005276C2B72}.2.ver0x0000000000000001.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\user.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\js\underscore.min.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\js\jquery.min.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\js\jquery-ui.min.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-icons_cd0a0a_256x240.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-icons_888888_256x240.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-icons_454545_256x240.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-icons_2e83ff_256x240.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\ui\css\images\ui-icons_222222_256x240.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\local\keystore.db.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\set_permissions.sh.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\sysmon_4.zip.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\inetpub\wwwroot\welcome.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\inetpub\custerr\en-US\500-100.asp.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\inetpub\AdminScripts\adsutil.vbs.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\Sysmon\Eula.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\add-on-for-microsoft-sysmon_600\add-on-for-microsoft-sysmon_600\TA-microsoft-sysmon\README.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Downloads\eplc_project__archives_template.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\sysmon_4\Eula.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\samples\ssl_sample.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\samples\smtp_sample.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\samples\http_sample.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\samples\dns_sample.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\sysmon\Stream\Splunk_TA_stream\LICENSE.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\838\838629.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\467\467276.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\328\328718.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\217\217982.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\998\998651.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\985\985500.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\985\985333.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\985\985268.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\976\976696.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\962\962797.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\938\938640.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\938\938633.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\937\937571.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\893\893847.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\893\893146.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\888\888324.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\858\858584.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\847\847184.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\818\818567.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\807\807874.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\796\796793.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\788\788435.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\779\779675.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\755\755100.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\726\726912.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\710\710211.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\684\684211.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\648\648671.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\608\608210.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\597\597114.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\589\589809.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\589\589080.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\587\587901.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\583\583335.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\549\549375.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\546\546120.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\544\544060.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\521\521822.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\508\508493.swf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\504\504929.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\480\480367.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\469\469487.pps.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\446\446498.gz.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\389\389147.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\255\255923.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\221\221964.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\170\170540.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\167\167569.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\162\162539.pps.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\129\129996.gif.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\999\999653.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\999\999354.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\999\999162.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\996\996339.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\995\995092.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\994\994678.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\993\993753.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\993\993128.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\992\992239.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\991\991739.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\991\991080.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\989\989595.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\986\986198.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\982\982322.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\978\978601.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\977\977110.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\975\975423.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\975\975259.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\974\974548.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\974\974240.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\973\973728.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\971\971608.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\968\968653.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\967\967002.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\966\966488.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\964\964564.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\964\964116.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\963\963649.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\962\962866.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\959\959762.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\958\958401.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\957\957353.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\956\956819.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\955\955380.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\953\953808.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\950\950535.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\950\950208.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\947\947813.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\946\946750.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\946\946128.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\945\945612.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\943\943665.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\942\942958.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\940\940554.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\939\939202.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\932\932631.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\929\929201.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\928\928928.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\926\926405.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\925\925071.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\924\924178.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\923\923489.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\922\922388.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\919\919381.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\919\919082.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\913\913234.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\912\912768.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\912\912576.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\910\910566.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\909\909820.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\908\908132.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\907\907367.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\903\903806.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\903\903209.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\901\901409.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\900\900588.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\899\899200.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\898\898084.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\897\897761.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\897\897384.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\897\897050.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\894\894265.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\894\894015.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\889\889664.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\887\887926.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\886\886823.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\886\886816.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\883\883698.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\882\882972.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\882\882968.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\882\882089.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\880\880311.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\879\879957.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\878\878960.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\877\877577.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\876\876615.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\875\875386.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\873\873883.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\873\873386.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\871\871193.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\871\871037.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\870\870165.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\869\869462.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\868\868896.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\868\868172.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\867\867708.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\865\865216.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\862\862692.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\862\862426.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\857\857904.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\857\857400.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\857\857179.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\852\852539.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\852\852036.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\851\851360.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\850\850997.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\846\846869.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\842\842977.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\842\842747.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\842\842707.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\842\842408.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\842\842074.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\838\838062.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\835\835777.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\833\833857.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\833\833380.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\830\830543.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\822\822928.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\821\821017.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\820\820083.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\819\819400.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\816\816545.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\814\814891.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\814\814024.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\810\810515.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\810\810045.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\809\809766.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\808\808726.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\804\804655.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\804\804331.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\803\803618.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\803\803179.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\802\802203.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\801\801729.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\801\801619.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\800\800627.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\799\799816.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\798\798796.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\792\792626.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\789\789460.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\789\789332.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\789\789265.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\782\782151.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\780\780156.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\777\777127.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\777\777088.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\776\776384.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\775\775410.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\774\774221.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\773\773506.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\773\773282.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\768\768264.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\766\766696.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\766\766091.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\765\765264.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\763\763413.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\762\762462.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\762\762075.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\761\761573.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\761\761371.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\759\759844.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\758\758022.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\757\757843.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\753\753901.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\753\753360.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\752\752107.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\751\751447.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\750\750154.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\748\748968.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\748\748565.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\747\747510.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\744\744710.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\743\743829.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\740\740764.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\740\740380.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\739\739193.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\738\738909.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\734\734708.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\734\734661.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\734\734451.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\728\728287.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\727\727263.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\725\725789.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\725\725294.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\725\725061.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\724\724914.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\723\723052.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\721\721523.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\719\719273.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\716\716381.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\714\714932.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\710\710570.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\710\710097.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\709\709028.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\708\708988.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\706\706281.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\706\706047.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\704\704296.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\703\703559.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\703\703118.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\702\702851.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\702\702533.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\699\699100.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\698\698912.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\696\696013.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\692\692325.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\691\691617.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\690\690293.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\689\689593.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\689\689276.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\688\688185.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\687\687397.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\687\687128.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\686\686686.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\686\686271.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\686\686141.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\685\685208.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\684\684504.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\682\682008.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\94FD.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\681\681028.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\680\680328.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\678\678396.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\676\676176.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\675\675458.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\674\674174.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\672\672102.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\671\671803.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\671\671710.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\670\670895.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\669\669536.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\668\668544.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\667\667931.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\665\665685.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\664\664985.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\663\663738.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\663\663531.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\663\663338.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\662\662501.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\661\661496.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\660\660434.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\655\655313.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\652\652422.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\648\648996.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\648\648587.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\644\644535.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\637\637932.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\637\637880.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\637\637787.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\637\637310.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\633\633033.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\632\632823.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\631\631982.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\625\625420.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\623\623173.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\612\612925.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\612\612270.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\610\610693.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\610\610685.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\609\609091.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\607\607528.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\599\599253.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\598\598856.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\596\596043.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\593\593689.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\592\592365.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\590\590172.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\587\587499.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\576\576362.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\571\571762.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\571\571315.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\569\569206.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\567\567674.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\565\565977.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\565\565342.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\564\564164.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\561\561054.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\555\555146.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\554\554978.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\552\552416.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\552\552291.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\550\550321.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\547\547176.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\546\546634.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\546\546009.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\544\544238.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\543\543464.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\540\540804.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\540\540133.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\539\539951.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\537\537994.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\537\537015.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\536\536292.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\534\534396.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\533\533233.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\528\528059.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\527\527337.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\525\525883.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\524\524779.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\523\523165.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\522\522560.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\521\521622.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\520\520936.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\520\520616.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\518\518561.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\518\518392.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\517\517544.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\517\517210.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\514\514025.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\510\510992.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\510\510434.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\509\509180.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\507\507242.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\503\503949.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\503\503846.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\503\503590.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\503\503430.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\501\501934.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\501\501032.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\500\500459.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\500\500401.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\499\499755.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\495\495155.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\494\494033.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\493\493376.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\493\493112.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\491\491485.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\490\490853.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\490\490684.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\488\488806.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\488\488482.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\488\488066.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\486\486347.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\484\484131.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\481\481858.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\481\481301.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\481\481128.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\477\477301.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\476\476931.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\476\476456.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\476\476277.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\474\474348.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\473\473410.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\471\471085.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\470\470820.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\469\469113.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\466\466681.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\465\465032.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\464\464166.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\464\464159.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\462\462945.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\457\457928.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\455\455518.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\455\455393.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\454\454876.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\453\453498.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\451\451266.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\445\445910.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\440\440419.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\438\438694.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\436\436110.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\435\435465.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\435\435335.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\434\434841.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\433\433948.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\429\429514.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\426\426558.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\424\424687.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\424\424617.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\423\423364.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\419\419304.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\415\415435.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\414\414328.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\413\413419.rtf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\411\411381.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\401\401319.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\400\400240.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\397\397625.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\391\391517.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\389\389717.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\389\389146.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\389\389011.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\387\387658.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\385\385059.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\384\384606.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\379\379900.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\379\379472.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\376\376069.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\375\375670.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\373\373355.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\371\371736.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\371\371171.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\370\370483.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\369\369699.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\365\365885.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\363\363751.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\363\363200.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\362\362088.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\356\356691.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\354\354930.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\354\354820.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\351\351599.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\348\348357.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\345\345908.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\345\345588.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\345\345424.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\344\344378.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\344\344185.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\341\341709.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\338\338347.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\333\333762.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\332\332930.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\331\331933.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\331\331292.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\329\329080.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\328\328974.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\328\328783.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\328\328128.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\327\327809.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\327\327584.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\326\326922.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\325\325411.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\323\323884.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\321\321640.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\320\320509.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\317\317646.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\316\316866.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\314\314521.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\312\312772.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\310\310941.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\309\309622.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\309\309483.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\308\308941.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\308\308633.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\308\308432.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\308\308180.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\307\307579.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\306\306941.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\306\306224.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\306\306156.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\304\304613.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\303\303951.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\303\303791.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\302\302965.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\302\302869.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\301\301809.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\301\301363.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\301\301340.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\300\300839.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\298\298356.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\297\297291.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\294\294354.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\292\292311.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\291\291276.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\288\288861.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\288\288516.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\287\287765.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\287\287004.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\286\286891.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\286\286720.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\286\286538.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\285\285215.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\284\284253.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\282\282893.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\282\282386.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\281\281194.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\279\279397.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\278\278775.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\275\275138.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\272\272545.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\268\268856.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\267\267203.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\266\266784.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\266\266620.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\265\265130.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\264\264762.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\261\261960.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\261\261808.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\260\260338.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\259\259672.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\257\257628.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\257\257597.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\256\256492.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\256\256420.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\252\252572.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\252\252017.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\249\249193.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\247\247546.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\247\247291.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\246\246353.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\243\243616.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\239\239668.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\236\236837.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\236\236424.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\235\235936.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\233\233174.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\230\230900.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\230\230731.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\228\228214.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\227\227409.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\224\224553.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\224\224168.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\223\223633.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\221\221800.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\219\219589.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\218\218817.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\216\216937.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\213\213125.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\210\210763.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\210\210687.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\209\209450.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\206\206498.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\205\205348.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\204\204418.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\200\200110.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\198\198964.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\197\197349.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\195\195876.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\195\195828.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\193\193300.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\191\191969.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\190\190298.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\189\189317.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\189\189283.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\188\188908.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\185\185221.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\180\180527.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\177\177770.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\167\167086.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\166\166206.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\164\164731.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\157\157581.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\155\155586.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\154\154390.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\153\153670.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\153\153568.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\153\153378.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\153\153202.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\151\151955.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\151\151049.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\150\150311.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\149\149391.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\149\149115.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\148\148876.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\146\146109.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\145\145153.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\144\144325.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\143\143961.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\143\143879.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\142\142669.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\140\140622.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\140\140201.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\139\139345.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\137\137031.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\135\135778.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\133\133284.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\131\131213.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\129\129941.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\128\128507.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\127\127867.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\127\127725.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\126\126056.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\124\124256.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\123\123779.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\122\122199.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\120\120669.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\119\119760.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\119\119417.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\118\118130.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\117\117275.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\115\115389.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\112\112848.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\111\111807.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\111\111338.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\110\110287.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\106\106794.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\105\105186.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\103\103568.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\103\103224.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\101\101605.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\098\098846.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\098\098807.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\097\097040.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\095\095835.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\092\092145.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\090\090703.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\086\086190.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\085\085462.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\083\083776.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\082\082333.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\080\080851.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\079\079385.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\077\077341.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\076\076430.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\075\075366.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\073\073227.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\071\071930.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\070\070770.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\067\067773.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\066\066290.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\064\064568.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\064\064452.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\064\064448.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\063\063776.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\063\063072.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\061\061561.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\060\060887.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\057\057545.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\054\054018.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\053\053253.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\052\052725.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\052\052528.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\051\051767.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\050\050739.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\050\050294.xls.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\049\049978.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\049\049331.doc.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\047\047672.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\046\046761.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\042\042916.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\042\042295.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\040\040090.ppt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\032\032132.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\028\028402.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\026\026839.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\025\025835.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\020\020269.jpg.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\014\014819.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\014\014575.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\013\013366.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\011\011443.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\008\008148.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\007\007895.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\007\007835.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\004\004387.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\004\004157.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\003\003774.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\001\001484.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\001\001387.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\000\000816.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Documents\Work Stuff\000\000578.pdf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\wmi_version_range.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_vendor_info.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_update_statii.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_signatures_substatus.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_apps.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_actions.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\vendor_actions.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\user_types.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\status.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\object_category.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\fs_notification_change_type.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\modules\TA_Windows_IFrame\TA_Windows_Iframe.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\bin\win_listening_ports.bat.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\bin\win_installed_apps.bat.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\static\images\icon_error.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\static\typewatch.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\static\ta_windows_setup.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\static\screenshot.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\static\appLogo.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\static\appIcon.png.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\appserver\modules\TA_Windows_FTR\TA_Windows_FTR.js.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_signatures.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\windows_privileges.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\ntsyslog_mappings.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\lookups\msdhcp_signatures.csv.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\README.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\license-eula.txt.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\Users\bob\Desktop\Splunk_TA_windows\license-eula.rtf.WNCRYT",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\u.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\taskse.exe",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\taskdl.exe",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\t.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\s.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\r.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_vietnamese.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_turkish.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_swedish.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_spanish.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_slovak.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_russian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_romanian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_portuguese.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_polish.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_norwegian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_latvian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_korean.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_japanese.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_italian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_indonesian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_greek.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_german.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_french.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_finnish.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_filipino.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_english.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_dutch.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_danish.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_czech.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_croatian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_chinese (traditional).wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_chinese (simplified).wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\msg\m_bulgarian.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\c.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\ProgramData\wnlvipnvf933\tasksche.exe","C:\ProgramData\wnlvipnvf933\b.wnry",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\F7AC.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\1838.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\drivers\UMDF\SETC480.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ORI3XYPH46YBUNJL1GLF.temp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\8075.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\21C.tmp",2
"2017-05-22T00:00:00.000+0000","bob-PC","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\A663.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3E2C5558CCC4cf9BFAE2BD8EFAF2740.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57696C77D2A947beB78933E98B89C5DD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 89F26A03B11E456a84E01667C43E7DF7.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C87A7C56D7574b01AEC370527999C3C9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5F85E1F82FD4b338D0635DE60BD0FE5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9072024A31014f33B200B114823206CB.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EF9D5D1F4A084932832E4257E56C22FA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 03ED3874743246ab9A4D8578DB0371F1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 51399F6E4A344fa383DC82C56C7D3757.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2544C0FB44A94e609CD16F6A1E5D79F0.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C1968CAC058643da995E9D255978FCBF.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6D3F3C2174DE4b9292419ABD146071FD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9DF542399EA4664B4B60608F58DF9E5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 11A80F4EDF6E40f2B4439BB248B4FEF2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 258A94CD8F7B4328B0D4D4F68E5BF750.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD82188588264cf0835D31E6D26C182A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C355DDB0DB0A47ceAF8441065285A600.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 70CC490C7E014c52A0E92D6EC87EFB01.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C934F4FD175D437683349CBF2DC8FA5F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 223CB767591C4977AE84DB7B2B4E4871.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F05BF07E61924148A95A966CD39D2BE5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD80BEDB829B41379CF2CABFAA3DF39E.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED815FABC0F94d5a878D19173EA0EF4F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0FFF13BC20194401B6F93C4619A1DE34.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8D0C56070FD41319A17B072C3D77888.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3C5C623326274e12AC984367D0FB31E6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3662579F9C9A4ba8B3EF81FD5BFFC3E5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6C53686896EA4d8f970EA9F030FD6C8D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B97CFE3B67646219B5DF17C1216F1E4.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87DC25AA1EEC4005A276FBF6627CDED8.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 53D26D45C2C145898A40E4238B51FEA9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6EE730816B0642668E04E51C37D7EB06.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2BDB64C8C31943699359CDF15D89D74F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9EEF807B345D4fe5AB0D9F5363EAA72D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D9389B640554991AB4A8CCB9F4CA591.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F33248B29A3406382E87F31C4DF13AA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E35965C375934b969059054BA4171887.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C15F438FD53468f8EA06040E05ECCC3.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6CF3669BAA024546A474824D1F390268.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 90F78E8313CF4fe0AA818F73813903A2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A0518B95030C4a58B8593A7F86341A50.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D71366486D1450694B2EC2A3C7FA29A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 96A430A613E0499394ADAD3C02577621.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 322CCBC7615443ae8BEC2DDBA90FF95B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B424601C3AD047beB82DDE08C59A38FA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF2DDE039F8042f6AF9AEA0B618AD94B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA0EDCC2C2C8406fBBAA80463F984CDB.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F5CA99DE5114a36BFBEE66B20A39910.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4C15A500C9844c28BBFA9655370C8332.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 90221D0640B2451bB30666C934AC983B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C36DAF353CC4296848B807959F6F24D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFEF30C846BA42c6B96F61BE750361E5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0BB21FD84B0542a4ACD74C9384EA7AE0.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31A8C700020E4ddd9DAD8FF67A05A360.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EE8456B05995470c8E4DE482A029C239.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 211F1423B62D4bb0BFA65C6C903A24DA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1EDBD6DDF684922946B1E9885A138D2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 837C7452C4244fb1987134F389CAE6F9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7F28B549F6F43c7B875BC5904C7CC76.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F38F762815F14738AC746822F9FBECD5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 47D93AFE19384077B880260EA75523CA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3ED10F51B3994b3a81217B9BFBE82E9A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F232C22B9CB4eee8830D6D2B30113DF.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17F1D11DC72243869222885DDC1FAFE3.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 665ECA95593541b78C6392AF2EA696D6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5714E9B309464c30BD96E96CDAB6A4BD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B210ACD7B2924f94ADD93CD346CDB6C7.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C07F4B42A92342d7A642B1DC8AFA2F75.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A062596D16414df18A5B4DDE3B61D1A4.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F53738AD2C04b2aB0C24E518858A3CD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0DFE02CF5AA48cdB6A9398EC28A5B29.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F7DF260ACB11427fA13482C1E3F15FAB.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45ADEDEAA5FC4487B78A0D42A9010858.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B96524D0FEA4b1e832BCAC7DDD46B2B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5EC68EFF9B9D426bA5ABF50F7BD20586.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9FFD416C9DA342e388569A04569FC99A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A122F152331D4433A5503E57F9EB112A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6CE6CC0626D24c30B9C3D5B450374E71.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Update\Install\{AF257227-80D8-4E91-9CEA-F081AB85B9B5}\58.0.3029.110_chrome_installer.exe","C:\Windows\Temp\CR_51F4C.tmp\setup.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\BIT6900.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B58EF111A79487a8C6DDD44D805E322.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C7606CAFF3334d6aAB02F00A910AC9D4.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2125A35309E54ffcB0281D14BA8AD730.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E84D57E2052C4d97A9EA7A160250DBC9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4B0101537DB4d4d804E9296C39EBFB6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 668A84F096B2414a835CAB30526838D1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF4158C7ECF8463b90FA47D577006247.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF81668DE2A64301B95399E74F55EF93.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D132F5552B3B4b5eA5C81D6EFF07E780.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 67C712D382E643ba989D8CBFFA39A8D5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8AC33DD8CB9F4bf4ABF001D4F6ADBE86.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 46588C48E31D4b1c9A77E794A9392F98.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1A7F107A13314614A228FBC9C1AF60A4.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33C3F5AFA63A45f09BB8CD6BE3C54D15.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F57892DF9DBB42e2AEC7EB323C8291FA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 00178A22870B42d391C7CCB599416D22.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3E72865B0C14d209A868CEA4164B33D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8693067D324845f3B66AFE082B27D039.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0816E03CA15C4645933EF11465F8E513.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 346D276327AF4110AA61D40E0E5FD53A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 525A8552E93E4c65ABF77B4A170AD812.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9EBDC184BC047898BACAAA5EA906BF3.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A429FA5046714340908CA1E8F86CACAA.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1567BACBE9CE4e65A2FA808B232F96FE.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0E2493775C08475e9B776AFD50FA6D31.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 070B58D2993340bc8E4F6CAB66C6006E.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A25B50FA98EF4eeeBD7B32678C4966FD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3BB415A0249A4cc9AEEF8B4BD93325C9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B268049CEF4A49c0B880B451E4FBEA79.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9B0D4C584BBE48e38F24F8FAC117B0F2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 83952C1C9F074e069B542A3C230C9C8C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28574D9FCC4440b8B95F10CFDFCD144B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4C1027310596441fA6360DB22CC11D43.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E076AE222C724256B32031A785F6D3B6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C09B6233A61845fdB3FC4AEE695D414E.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A27A276BB8E540c49365C52B2A55B525.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EC33769C3F9F4f57BD32E6E1C83FCF43.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F63F3F7D0084c2f938152F1AEA8ECD8.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 70F34DA695BB4a28A1FA53BF3B4EAADB.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 53835130681449dbB82586C5245381B6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EC1B13ABC4404474A73C569CDDBA45E8.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C943BA9AA9044033BE24584E1C863E2F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe","C:\Windows\Temp\{9227460C-41C8-41A3-A6D3-51E21013C8FE}\mpasdlta.vdm",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe","C:\Windows\Temp\{9227460C-41C8-41A3-A6D3-51E21013C8FE}\MPSigStub.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F27F5EABEEBF4b65A1D0C21E686A5012.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8A61D006C4654623983C38CFEB6A95A5.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B3CBC0BD0194b048B2A4BE4CCE2F6FB.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED6E74893D6C4722A6631371BF746C24.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 80CA601E89634846A0771B180E0B57E1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0B944FD6F3D147fbB12DFAB61A42D02D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT9BC6.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E0BA482CDA4549bbBCC5FD91605E9876.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 225F07E4C91A4533BC0B0FA857FFB6C2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BEA1FB638EAB4f9aB814EE6FA02DBA1A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7AA6415733E488b818A49673B66C38A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5EB115C557594840BEB161CD032E662C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 246933054BD549c78C0A706501DF4A06.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F8F1F17460D4adb938DF247C8DE3337.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D211034FFFE4837BCD9FC8D298BA67C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 682578203426496d9DB51FE3F9968DC6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 137C9EE0928849f0A628A001699E0E7B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 545C19AE303444eeB6937CCF3E12606F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 78AD52802580440cB1960CEA1089D19F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_17.009.20044\BIT825C.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84D27E1282C64875B72EC9F2AA57F232.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC598E1840374874BD86E8BC773AC20C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9FB67154416D401dB204C75384D764AD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITD7AB.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 940010244FCB4c7a86B2AB13276D6F35.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 607B8C75F2F347079D7276066CDA8AE1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44809D659B454a7790EB615BDA8CB7CC.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 631681AD8AB94a48AB8341026D2DADD2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 91BB1A57CA8A4cf3BFF6079F6BB0306C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 665959A54BDB498497EDB883F53182B2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EDA73F3555974e63AD2E43A8FD43F2CC.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A5FF76D5BC6F4568BA5ABCB7208B1D9F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9A5F54E579484ccd811AE4ED83035E0D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7FFDB84326E24d35A02F2F247B0C63CD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5254DA72B25146cb9DD1DFACD9EC97C6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8878F363EFF4605AF0F5C8CB7364B7F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02FCF59C8A8E4cd88793710D60F56795.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABFC3A0E42144247B6A06877B1BF0BF0.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4084DFEEC66C47818C743F13C8C451E9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFD30669E9DC48b0B640C6E6674D6338.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5E8FA6F5FF2E4e1bB5F546910B575C25.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CFB0AC2ABDAF4bfe84A382B3C2E9CE39.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4310A6A8BF6C4cb4B814C9DA402511A4.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 308021EF93084a5a920FEA98E83C604F.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3E6BF650D574462788EE6CB57DD8A19B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 14439F90C314426d8C40E08B6646AF8D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1B34A73FD19473f968FBB04C19E52AC.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FF8EC35A14FD4df9BDD241970180DE3C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E01D5A34203841e785B36B9D182A02B7.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 94F4B9F2A334447681F4A278A6F4E29D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 935576A61E0A43d8A62335A693BC92A8.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B6EBD5E996ED4aacAB64DD9D1A1D7688.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 56BF41655C804fe6966E86516F908CD2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF2020645CCB4ddeBEE5158CF6E78C94.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3830F021B8FD4fd2A5631B26B47331DE.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A95AF7BBF98B4c579F6623C501B20186.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A653E6ACBAE14b8988563A7F594EDB8C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D64C7D20D1EE4072A8E942CF0D560A17.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B4A1525148E9448eA879178D4A297C4A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9C03F8392614a1a867C42CAE04889C2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\b2363.msp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XsdBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XsdBuildTask.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\XsdBuildTask.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XsdBuildTask.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XamlBuildTask.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WMINet_Utils.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsFormsIntegration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationTypes.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationProvider.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClientsideProviders.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\TLBREF.DLL",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.RegularExpressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Mobile.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Transactions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceProcess.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.context.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Context\v4.0_4.0.0.0__b77a5c561934e089\System.Reflection.context.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.context.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.WebRequest.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.WebRequest\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.WebRequest.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.WebRequest.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Messaging.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3E3A74630AC42f0AFB0AACB4F28EA6D.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.FileSystem.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.FileSystem.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Wrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Thunk.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Device.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.OracleClient.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.Install.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Caching.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XDocument.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XDocument\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XDocument.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XDocument.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.ReaderWriter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.ReaderWriter\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.ReaderWriter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.ReaderWriter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.Hosting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.WorkflowServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Windows.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Routing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Abstractions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Tasks.Parallel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.Parallel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.Parallel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Tasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.RegularExpressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.RegularExpressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.RegularExpressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.Encoding.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.Encoding.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Web.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Security.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Security.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Security.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Routing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.NetTcp.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.NetTcp\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.NetTcp.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.NetTcp.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Internals.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Internals.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Http.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Http.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Http.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Duplex.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Duplex\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Duplex.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Duplex.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Discovery.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Channels.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.Principal.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Principal\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Principal.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Principal.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Numerics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Numerics\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Numerics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Numerics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.InteropServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.DurableInstancing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Resources.ResourceManager.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.ResourceManager\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.ResourceManager.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.ResourceManager.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Extensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.Lightweight.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.Lightweight\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.Lightweight.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.Lightweight.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.ILGeneration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.ILGeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.ILGeneration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.ILGeneration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Printing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ObjectModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ObjectModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Requests.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Requests\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Requests.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Requests.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Primitives.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.NetworkInformation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.NetworkInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.NetworkInformation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NetworkInformation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.Rtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.Rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.Rtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.Rtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.Instrumentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Queryable.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Queryable\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Queryable.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Queryable.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Parallel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Parallel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Parallel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Expressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Expressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Expressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Expressions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Log.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Services\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Selectors.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Globalization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.Runtime.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.AccountManagement.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tracing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tools.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tools.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Debug.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Debug.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Debug.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Contracts.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Contracts.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E35D1490B22947f19C13DABC6AA367C1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Client.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Linq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.Design.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.DataSetExtensions.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.EventBasedAsync.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.EventBasedAsync\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.EventBasedAsync.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.EventBasedAsync.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.DataAnnotations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.componentmodel.composition.registration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.Registration\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.Registration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\system.componentmodel.composition.registration.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Composition.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Annotations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Annotations\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.Annotations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Annotations.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Collections.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Collections.Concurrent.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Concurrent\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.Concurrent.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Concurrent.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.Contract.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.DurableInstancing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Core.Presentation.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sysglobl.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Speech.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelRegUI.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelRegUI.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelRegUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelPerformanceCounters.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelInstallRC.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelInstallRC.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelEvents.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelEvents.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ReachFramework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemXml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXml.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemDrawing\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemDrawing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemData.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Royale.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Luna.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Classic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.AeroLite.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.AeroLite\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.AeroLite.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.AeroLite.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Aero.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationBuildTasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\normalization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsLexicons0009.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsData0009.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NaturalLanguage6.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr120_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr120_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr100_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr100_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr110_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr110_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcp120_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcp120_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcp110_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcp110_clr0400.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsn.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MUI\0409\mscorsecr.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsecimpl.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpe.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E03CABE00C6E41cbA14A705B717ED03C.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreeis.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MmcAspExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.Dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.tlb",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\Microsoft.Windows.ApplicationServer.Applications.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\Microsoft.Windows.ApplicationServer.Applications.dll.mui",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Internal.Tasks.Dataflow\v4.0_4.0.0.0__b77a5c561934e089\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Data.Entity.Build.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.CSharp.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Engine.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Activities.Build.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Activities.Build.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Activities.Build.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ISymWrapper.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtilLib.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\FileTrackerUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\CvtResUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CustomMarshalers.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\cscui.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clretwrc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clretwrc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrcompression.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrcompression.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AspNetMMCExt.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\aspnet_counters.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\aspnet_counters.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\alinkui.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\alink.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\vbc7ui.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\b201d.msp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\NDP45-KB4014514.msp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\sqmapi.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\SetupUi.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1049\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1055\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1053\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1043\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1032\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\3082\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1038\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1036\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1031\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\2070\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1046\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1045\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1040\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1035\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1029\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1044\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1030\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1033\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1037\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1041\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1042\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1028\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1025\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\2052\SetupResources.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\SetupEngine.dll",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\SetupUtility.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Setup.exe",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1055\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\2070\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\2052\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1046\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\3082\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1042\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1049\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1045\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1053\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1044\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1038\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1036\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1041\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1040\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1037\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1043\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1035\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1033\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1028\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1032\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1029\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1030\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1025\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1031\eula.rtf",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\DHtmlHeader.html",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\SetupUi.xsd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\UiInfo.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Strings.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\ParameterInfo.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\2070\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1049\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1055\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1053\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1032\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1036\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1045\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1038\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\3082\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1040\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1043\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1044\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1046\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1035\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1033\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1037\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1041\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1042\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1031\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1029\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1030\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1025\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\1028\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\2052\LocalizedData.xml",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\warn.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\SysReqNotMet.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\SysReqMet.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\stop.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Setup.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Save.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate8.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate7.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate6.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate5.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate4.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate3.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate2.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Rotate1.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\Graphics\Print.ico",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\watermark.bmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\SplashScreen.bmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB4014514-x64.exe","C:\23d90075d70a1b9c6f910b04\header.bmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FCA4075EF4D64f93A29C836178923689.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F7D879058D34de2B3DCCA4F3C9EC665.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B49098EB18A4db3AF8D17E2C84F8CD1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF43816CD4C64d5c912257D04FBC74B9.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2283B09720EC46f096352C3944091CF2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 642506AB14704b028634EAAD3E4A0F6A.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fed7a19f16617d337cbdaf2962bf9ec5\BITE668.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0B213E570CA640a58F0FCBF0F6B04D35.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F5BFDD5C29E46199252FD3F16F5F5D6.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AEC85B5DAEE942f998A3B0A781346364.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F10145125A54461bA75AEC5D1B8B8B4B.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6CA902E41AFB4909B2C4484D65AB91CD.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B553EAF3A4F5442eB13B54CC952BD3F2.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2277.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2276.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2275.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2226.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\a5a016f3-0124-4121-9b1c-dbe1eb3e6c26\index-dir\temp-index",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2NYVE1CGZTKYL6R1L6MJ.temp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\21D7.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\a5a016f3-0124-4121-9b1c-dbe1eb3e6c26\index-dir\temp-index",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\a5a016f3-0124-4121-9b1c-dbe1eb3e6c26\index-dir\temp-index",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2693a706-36e2-4747-99ff-88d7a10eadae\index-dir\temp-index",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\59B.tmp",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F90E4BA8A52F4dc898442F93F14D23E1.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EE89DE02061413cB6ED3142A3311D87.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD4AC876352D4a868D45EC5CCA25D8C7.ppd",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-05-19T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170516020430.cab",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9442.msi",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{32e58e76-81ec-1a20-5e8a-5574d451886a}\SETEF8D.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{32e58e76-81ec-1a20-5e8a-5574d451886a}\SETEF8C.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{32e58e76-81ec-1a20-5e8a-5574d451886a}\SETEF8B.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{7beb1c00-2a2b-7fef-e85b-904977a4eb40}\SETEF7E.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{7beb1c00-2a2b-7fef-e85b-904977a4eb40}\SETEF7D.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{7beb1c00-2a2b-7fef-e85b-904977a4eb40}\SETEF6C.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PS_SCHM.GDL",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT.NTF",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPS.DLL",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPS.INI",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT.HLP",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPS.PPD",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PS5UI.DLL",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT5.DLL",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE220.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE21F.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE21E.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE20E.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE20D.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE20C.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE20B.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{AE88F4B7-C54A-4923-BAB8-38BC046D10A7}\SETE20A.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIsve.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIita.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUItha.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIrus.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIptb.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIplk.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIkor.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIjpn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIhun.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIfra.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIesn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIell.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIdeu.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIcsy.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIcht.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIchs.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPOG.chm",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPOG.bin",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUI.DLL",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPRN.DLL",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\prtprocs\x64\1\SETE16D.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE16C.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE16B.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE16A.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE169.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE158.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE157.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE156.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE155.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE154.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE143.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE142.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE141.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE140.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE13F.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE13E.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE13D.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE13C.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE12C.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE12B.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D89F1D19-8F8C-4772-BC16-167AB12D1A52}\SETE12A.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\vmGuestLibJava.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\vmGuestLib.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\vmGuestLibJava.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\vmGuestLib.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\caf_RemoteCommandProvider_1_0_0.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ConfigProvider.exe.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\RemoteCommandProvider.exe.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\setUpVgAuth.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\rabbitmq.4.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegrationSubsys.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\installProviderHeader.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-log4cpp_config",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ConfigProvider.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\is-listener-running.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\start-listener.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\RemoteCommandProvider.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\7za.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\caf_ConfigProvider_1_0_0.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\providerFx-appconfig",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\cafTestInfra_CafTestInfraProvider_1_0_0.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\caf_InstallProvider_1_0_0.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\IntBeanConfigFile.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\caf_ConfigProvider_1_0_0.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ProviderFx.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\vgauth.conf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\caf-dbg.ps1",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-context-tunnel.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\is-ma-running.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\providerFx-log4cpp_config",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\stop-listener.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\TestInfraProvider.exe.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ProviderFx.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegrationSubsys.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-context-common.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegration.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\log4cpp.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\intl.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\tearDownVgAuth.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\iconv.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\TestInfraProvider.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\vgAuth.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\start-ma.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\glib-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-context-amqp.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\pcre.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\GuidGen.vbs",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\stop-ma.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\caf_RemoteCommandProvider_1_0_0.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\start-VGAuthService.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\cafTestInfra_CafTestInfraProvider_1_0_0.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-appconfig",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\caf_InstallProvider_1_0_0.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommIntegrationSubsys.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\InstallProvider.exe.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\ma-context.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\ma-appconfig",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\ma-log4cpp_config",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\postInstall.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\cafenv-appconfig",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\stop-VGAuthService.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegration.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\InstallProvider.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\gthread-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommIntegrationSubsys.dll.manifest",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPWinPrn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMW32.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonUIjpn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonUIdeu.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonUI.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonjpn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMondeu.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMon.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPVCGatewaydeu.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPVCGateway.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPSvc.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\tprdpw32.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\amd64\TPPS.ppd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\amd64\TPPS.ini",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\amd64\TPPS.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\tpps.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUItha.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIsve.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIrus.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIptb.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIplk.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIkor.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIjpn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIita.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIhun.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIfra.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIesn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIell.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIdeu.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIcsy.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIcht.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIchs.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUI.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrn.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\tpprint.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPOG.HLP",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPOG.chm",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPOG.bin",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\OEMPRINT.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\OEMPRINT.INF",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\win7gadgets.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\vmwarefilters.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\visualstudio2005.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\vistasidebar.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\unity.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\microsoftoffice.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\googledesktop.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\adobephotoshopcs3.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\adobeflashcs3.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VmUpgradeHelper.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\vmtray.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\vmbackup.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\vix.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\thinprint.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\hwUpgradeHelper.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\hgfsUsability.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\hgfsUsability.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\hgfsServer.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\grabbitmqProxy.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\dndcp.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\diskWiper.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\disableGuestHibernate.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\desktopEvents.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\desktopEvents.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\bitMapper.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoUpgrade.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoLogon.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\zip.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareXferlogs.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareNamespaceCmd.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareHostOpen.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMToolsHookProc.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMToolsHook64.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMToolsHook.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\vmtoolsd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vmtools.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win64\vmGuestLibJava.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win32\vmGuestLibJava.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win64\vmGuestLib.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win32\vmGuestLib.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vm-support.vbs",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\toolboxcmd.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\suspend-vm-default.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\ssleay32.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\sigc-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\rpctool.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\resume-vm-default.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\poweron-vm-default.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\poweroff-vm-default.bat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\pcre.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\openssl.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\open_source_licenses.txt",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\libeay32.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\intl.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\icudt44l.dat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\iconv.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\hgfs.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\guestproxycerttool.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\guestproxy-ssl.conf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gthread-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gobject-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gmodule-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\glib-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gio-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\deployPkg.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vss\VCBSnapshotProvider.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vss\comreg.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3ver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum64_10.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum64.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum_10.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dmp.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dgl64.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dgl.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3ddevapi64.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3ddevapi.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3d.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3d.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsockver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsocklib_x86.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsocklib_x64.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsock.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsock.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsock.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmciver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\vmciver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\include\vmci_sockets.h",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmci.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmci.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmci.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsiver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsi.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsi.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsi.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmousever.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmouse.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmouse.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmouse.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmousever.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmouse.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmouse.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmouse.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctlver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctl.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctl.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctl.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareHgfsClient.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfsver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs_x86.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs_x64.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdskver.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdsk.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdsk.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdsk.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vmacthlp.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudiover.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudio.sys",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudio.inf",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudio.cat",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_TW\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_CN\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ko\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ja\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\it\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\fr\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\es\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\en\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\de\VGAuthService.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_TW\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_CN\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ko\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ja\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\it\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\fr\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\es\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\en\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\de\VGAuthLib.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_TW\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_CN\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ko\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ja\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\it\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\fr\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\es\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\en\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\de\VGAuthCli.vmsg",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\xml.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\xerces-c_3_1.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gobject-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcreposix.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gthread-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VMWSU_V1_0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema.dtd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gio-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\xmldsig-core-schema.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuth.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\xsec_1_6.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\libeay32.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\glib-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gmodule-2.0.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\datatypes.dtd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema-instance.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VMwareAliasImport.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\catalog.xml",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\vmtools.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\xenc-schema.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\ssleay32.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\iconv.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthCLI.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\saml-schema-assertion-2.0.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema-hasFacetAndProperty.xsd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcrecpp.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\intl.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\rvmSetup.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\install-rvmSetup.cmd",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr71.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\mfc71u.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\mfc71.dll",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\92dc.msi",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Windows\Temp\vmware-SYSTEM\VMwareToolsUpgrader.exe",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9929.tmp",2
"2017-05-16T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9919.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9F3E.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\B58.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D51B.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_540_7911\BIT1F7E.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_540_32230\BITDE78.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_540_17010\BIT3E62.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\64F8.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\774F.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DF24.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\DA34.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9F93.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9DAF.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CFC3.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\CDFE.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X7WN459TLPYAQ05JJN3F.temp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\80F3.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1EC6.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1D7E.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\a5a016f3-0124-4121-9b1c-dbe1eb3e6c26\index-dir\temp-index",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2693a706-36e2-4747-99ff-88d7a10eadae\index-dir\temp-index",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E444.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E443.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E404.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E3F3.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E366.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QFCNBB0YTQAA2NZ6ORAL.temp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2693a706-36e2-4747-99ff-88d7a10eadae\index-dir\temp-index",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2693a706-36e2-4747-99ff-88d7a10eadae\index-dir\temp-index",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6157f7b0dfcd2d1104dcaceafef9964b\BITEBCF.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd75e3.msi",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd75de.msi",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd75dd.msi",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e066b13980cbdb7e6e7794b0f454d65a\BIT354C.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\273054dcdf5324e755bbdddd03c7ccef\BITD1D7.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cd3ae5c6259c1dca09d1fe36023003b5\BITCEBB.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4cb494ee400e82785831cdfcc351a036\BITCE5C.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6157f7b0dfcd2d1104dcaceafef9964b\BITCDBF.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e066b13980cbdb7e6e7794b0f454d65a\BITCCE4.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe","C:\Windows\Temp\{97C7955A-24C6-4B25-A03B-14FAB4EAF32B}\mpengine.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe","C:\Windows\Temp\{97C7955A-24C6-4B25-A03B-14FAB4EAF32B}\mpasbase.vdm",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe","C:\Windows\Temp\{97C7955A-24C6-4B25-A03B-14FAB4EAF32B}\mpasdlta.vdm",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe.exe","C:\Windows\Temp\{97C7955A-24C6-4B25-A03B-14FAB4EAF32B}\MPSigStub.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5f22f3f23191811165316fe8a5fe5c0a\BITE18F.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\BITDFB1.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd75dc.msp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5934.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5922.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5911.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF58E0.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\en-US.pak",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF58CE.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF512E.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5081.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF506F.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF505D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF500D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4FFC.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4FFA.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4FC9.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4FB7.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4F29.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4F17.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4EE7.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4EC5.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4EC3.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4EA2.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4DA7.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4D18.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4CF7.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4CF5.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4CC4.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4CB3.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\3difr.x3d",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4CA1.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C8F.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C8D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Spelling.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C7C.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C6A.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C59.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C47.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C16.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C05.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4BF3.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4BE1.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4BD0.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4B9F.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4B8D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4B7C.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4B1C.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4A4F.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4A4D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4A1D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4837.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4825.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4814.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4802.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47F1.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47DF.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47DD.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47CB.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47BA.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47B8.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl64.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47A6.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4795.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4754.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF46A7.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4676.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4664.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\snapshot_blob.bin",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\natives_blob.bin",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\widevinecdmadapter.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libGLESv2.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libEGL.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DirectInk.dll",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\dropboxstorage.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\StorageConnectors.api",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd7550.msp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd754e.msp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20070\BIT7FD5.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20070\BIT7DD1.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd754d.msi",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\9dd7543.msi",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT377D.tmp",2
"2017-05-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITF28F.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d58.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d57.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_x86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d56.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_amd64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d55.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d54.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d53.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Xaml_x86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d52.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Xaml_amd64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d51.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d50.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d4f.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d4e.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d4d.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d4c.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d4b.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PenIMC_X86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d4a.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PenIMC_AMD64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d46.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\warn.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\stop.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\SysReqNotMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\SysReqMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Setup.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Save.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate8.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate7.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate6.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate5.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate4.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate3.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate2.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Rotate1.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Graphics\Print.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\3082\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\3082\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\3082\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\3076\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\3076\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\3076\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\2070\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\2070\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\2070\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\2052\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\2052\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\2052\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1055\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1055\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1055\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1053\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1053\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1053\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1049\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1049\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1049\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1046\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1046\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1046\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1045\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1045\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1045\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1044\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1044\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1044\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1043\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1043\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1043\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1042\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1042\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1042\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1041\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1041\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1041\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1040\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1040\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1040\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1038\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1038\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1038\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1037\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1037\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1037\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1036\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1036\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1036\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1035\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1035\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1035\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1033\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1033\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1033\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1032\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1032\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1032\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1031\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1031\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1031\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1030\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1030\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1030\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1029\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1029\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1029\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1028\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1028\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1028\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1025\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1025\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\1025\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\SetupUtility.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\NDP40-KB2737019.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\ParameterInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\SplashScreen.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Strings.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\UiInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\header.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\watermark.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\sqmapi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\SetupUi.xsd",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\SetupUi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\SetupEngine.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\Setup.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\498658b3765ca1e49dd9\DHtmlHeader.html",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cbf3ecec88332e684b2fa5f4b8d83830\BITCDF4.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\86294af18b327a5cf0adb67c9b250b16\BITCDD4.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2b77a1ae1f8f97e846ccc8b69a9dafc3\BITCDD3.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a427c2d9d39b61db9d0a79004abea099\BITCDC3.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\be160b613e9734c49797bb7267177628\BITCDC2.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\034c15daa2c87d7f0fd4013048d5c410\BITCDB1.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7b4e265de6d5400655de5fa89d05e135\BITCD91.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6ef829b9e1cc54bba3941176f27397a6\BITCD80.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a9f4636d30c0dcf2284a6923ba6e9844\BITCD70.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7b1b6d903c3f76588fbd3e33c2d8992a\BITCF3E.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d45.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d44.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d43.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d3f.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\warn.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\stop.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\SysReqNotMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\SysReqMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Setup.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Save.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate8.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate7.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate6.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate5.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate4.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate3.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate2.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Rotate1.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Graphics\Print.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\3082\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\3082\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\3082\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\3076\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\3076\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\3076\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\2070\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\2070\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\2070\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\2052\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\2052\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\2052\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1055\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1055\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1055\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1053\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1053\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1053\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1049\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1049\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1049\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1046\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1046\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1046\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1045\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1045\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1045\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1044\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1044\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1044\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1043\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1043\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1043\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1042\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1042\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1042\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1041\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1041\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1041\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1040\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1040\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1040\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1038\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1038\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1038\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1037\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1037\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1037\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1036\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1036\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1036\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1035\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1035\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1035\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1033\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1033\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1033\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1032\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1032\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1032\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1031\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1031\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1031\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1030\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1030\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1030\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1029\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1029\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1029\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1028\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1028\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1028\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1025\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1025\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\1025\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\SetupUtility.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\NDP40-KB2789642.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\ParameterInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\SplashScreen.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Strings.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\UiInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\header.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\watermark.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\sqmapi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\SetupUi.xsd",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\SetupUi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\SetupEngine.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\Setup.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\d6d66650bff4b343d91cad10301650\DHtmlHeader.html",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4e74491b67c531062853095648db8833\BITCEFF.tmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d3e.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d2a.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\warn.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\stop.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\SysReqNotMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\SysReqMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Setup.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Save.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate8.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate7.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate6.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate5.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate4.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate3.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate2.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Rotate1.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Graphics\Print.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\3082\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\3082\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\3082\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\3076\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\3076\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\3076\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\2070\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\2070\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\2070\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\2052\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\2052\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\2052\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1055\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1055\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1055\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1053\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1053\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1053\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1049\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1049\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1049\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1046\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1046\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1046\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1045\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1045\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1045\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1044\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1044\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1044\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1043\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1043\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1043\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1042\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1042\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1042\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1041\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1041\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1041\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1040\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1040\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1040\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1038\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1038\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1038\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1037\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1037\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1037\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1036\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1036\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1036\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1035\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1035\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1035\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1033\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1033\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1033\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1032\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1032\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1032\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1031\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1031\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1031\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1030\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1030\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1030\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1029\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1029\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1029\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1028\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1028\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1028\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1025\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1025\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\1025\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\SetupUtility.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\NDP40-KB2729449.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\ParameterInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\SplashScreen.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Strings.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\UiInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\header.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\watermark.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\sqmapi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\SetupUi.xsd",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\SetupUi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\SetupEngine.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\Setup.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\00f847836effd38c1d\DHtmlHeader.html",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d29.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d28.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_x86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d27.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_amd64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d26.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_windows_forms_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d25.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_windows_forms_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d24.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d23.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d22.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.addin.dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d21.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.addin.dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d20.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sos_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d1f.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sos_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d1e.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_X86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d1d.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_AMD64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d1c.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_x86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d1b.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_amd64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d1a.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_x86.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d19.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_amd64.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d18.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sortdefault_nlp_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\nlssorting_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d17.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sortdefault_nlp_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\nlssorting_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d16.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normidna_nlp_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkd_nlp_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkc_nlp_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfd_nlp_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfc_nlp_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorlib_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d15.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normidna_nlp_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkd_nlp_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkc_nlp_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfd_nlp_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfc_nlp_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorlib_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d14.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordbi_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d13.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordbi_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d12.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordacwks_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d11.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordacwks_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d10.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clrjit_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d0f.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clrjit_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d0e.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clr_dll_x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d0d.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clr_dll_amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d09.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\warn.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\stop.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\SysReqNotMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\SysReqMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Setup.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Save.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate8.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate7.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate6.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate5.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate4.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate3.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate2.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Rotate1.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Graphics\Print.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\3082\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\3082\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\3082\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\3076\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\3076\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\3076\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\2070\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\2070\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\2070\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\2052\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\2052\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\2052\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1055\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1055\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1055\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1053\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1053\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1053\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1049\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1049\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1049\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1046\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1046\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1046\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1045\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1045\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1045\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1044\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1044\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1044\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1043\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1043\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1043\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1042\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1042\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1042\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1041\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1041\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1041\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1040\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1040\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1040\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1038\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1038\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1038\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1037\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1037\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1037\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1036\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1036\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1036\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1035\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1035\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1035\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1033\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1033\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1033\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1032\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1032\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1032\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1031\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1031\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1031\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1030\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1030\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1030\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1029\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1029\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1029\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1028\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1028\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1028\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1025\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1025\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\1025\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\SetupUtility.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\NDP40-KB2604121.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\ParameterInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\SplashScreen.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Strings.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\UiInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\header.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\watermark.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\sqmapi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\SetupUi.xsd",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\SetupUi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\SetupEngine.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\Setup.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\dc18ff411c3a81385d3b1b1816\DHtmlHeader.html",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d08.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d07.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelReg.exe.x86",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\58d06.rbf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelReg.exe.amd64",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\58d02.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\warn.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\stop.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\SysReqNotMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\SysReqMet.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Setup.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Save.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate8.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate7.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate6.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate5.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate4.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate3.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate2.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Rotate1.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Graphics\Print.ico",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\3082\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\3082\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\3082\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\3076\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\3076\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\3076\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\2070\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\2070\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\2070\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\2052\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\2052\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\2052\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1055\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1055\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1055\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1053\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1053\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1053\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1049\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1049\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1049\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1046\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1046\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1046\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1045\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1045\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1045\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1044\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1044\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1044\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1043\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1043\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1043\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1042\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1042\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1042\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1041\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1041\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1041\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1040\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1040\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1040\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1038\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1038\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1038\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1037\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1037\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1037\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1036\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1036\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1036\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1035\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1035\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1035\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1033\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1033\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1033\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1032\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1032\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1032\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1031\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1031\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1031\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1030\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1030\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1030\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1029\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1029\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1029\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1028\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1028\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1028\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1025\eula.rtf",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1025\LocalizedData.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\1025\SetupResources.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\SetupUtility.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\NDP40-KB2656351.msp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\ParameterInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\SplashScreen.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Strings.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\UiInfo.xml",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\header.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\watermark.bmp",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\sqmapi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\SetupUi.xsd",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\SetupUi.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\SetupEngine.dll",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\Setup.exe",2
"2017-04-18T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\a7bec5a923d37447d0d813db1d0c872e\DHtmlHeader.html",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 39758121006D4532B18D95C0CD3FE41B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 347719840B704a7aBC8D5EFED3AB5E78.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74DFF2A0C4E54c4bA386417C9737E81A.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 61FB4B4A5F61409d98984872E145A836.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0D13AF4556E440fbB526EB172BA1F3FA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 70F46FEF31604e63A3EB146498AFB812.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4AB8429D27E246139B293C1DCB014493.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFB61766F31C4f2082A18F5D4BE6E6C2.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36DE17F6593043448A6A2FAEE4409F0D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E500FDA929B74d7f8B73C4FF9866873F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB6FF42ABAB744268DB2FC1AB3354F33.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4CFA845EB2574805906B1FF630011993.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 82F3CDEBF55248298236D4E143FA5520.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC8016C994CE4297896E887E97FB1B4B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A01E7CBF5DF4e70B1CB315CEF65B55F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 42D96E1E8DCF48e2BEACC42B59EA14A6.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 088C20DDD3194a3f93A24925FF03832B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4766AF1A7BE14e54AAC53B2C33F635EC.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C10003A32456414794CBF196D180B47C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C90977E337924e1a90ED09299DABC563.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9E0AD47297F4f5cBD6A1AFD209CF7C2.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A5AB5A4091C44d0893DC782C5E2F5A83.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B09A0EC9BF145ef993B277D8BC7EFDE.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 79B3B98476ED4f9cBFD50EB1BE772FEA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0A4E413EEFE54b849A68C1E0AAD1ADF3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 40899F8A11AE41ba99ACA0F44CEBCA3C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F734A1B40ACC44de837C4673F6EF0994.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ADA6BC2FEDB94c99B5AC6B0648EB5529.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E486BA6023B4a5b9B5E2496B4E80A56.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 09A0A89428E74a7f93B029901B4F3A87.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F366A0D345D44a7A450C587B7299580.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 537DF6DA3A8F494f8561849253AC77BA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAF7326E1A28460a816E03CD7E5D2E1F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D257C385684A4ebdB16429610CA26EB0.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B530EF38DD4943a39A4C479D4D54304B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D1A1AC961B1A48049520DE323407D674.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F99DB6F5C3247f7BF712F213C23F6F2.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0126C02D0B91427bBAF53C06AE7C2B51.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F910BEBC26B84a5bB60B71CFF6E51D1C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F82CC86CB05D4515A086D3DE968FE864.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D76727415E7049e9952423823604C69A.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE3DD6E35E91402f9997885FA32AC0AA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C300A08D2450440a9F194B4A2FE4BF32.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8C75D8FBA6040d99A2DC646AE0E2BBB.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B85B6D12E4B546e398E557E23D6E5748.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7E8A5EC0AF94de5B20A53BBD245F086.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 237B8D99AF094d0c9AC39A7AA1E9A80D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ECCC77756C844b5a977A4418C94A0307.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6302303BF7AB4866BF09220D4951E97E.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EEBEC1DE959D4d569F96462B0C3BDB71.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6DC46F9645DA4823B689661B15443521.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02E38FFF305E4b2981F2BC89A2DFCD31.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CCCE1BE47BE94754B73C7B4348329FD5.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 06ACF645332142c891405878C21F9ED9.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A1EBF0BE629E48b2BBFC857607D0C753.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EBA3D3E021D844c8AAA054A961A80595.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2DC5DB38A4E344deB7985601D3347AA9.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9A998B5078354c66AB8F7AF265BD6807.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8DAD11DD78DD4ef0903E7C04BC62C351.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9CCB7D4FA01C43a4B53181CB4B358C2E.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71181B6BE97546c3A4DDBE536F255C79.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6CEF5298B2A74892B8770738A870B254.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33B9E4E211394f668F6532F4A6C9E2BA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 63C0DFE9CE624c70A93C70CC959F938B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C6C48CD56A046fcBED731970158F798.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BA4C0ADFD8EB4284A3A5BB2C3929C838.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E45442E15BC2413189572D07AC76EB44.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77C63DEBA36D4cd7992E0514CD2B6155.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36293F2F0FEC4417BC1D293E0FDB2CBD.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A61D1531A7344ffB9778CFA1E4AAD0C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E2A5F87583D14ecf985BE1404B30C46B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 476734B4472244c9891A5CDEFCF58436.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 89017612BD89450389E0388F374B837C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B0C60286E2594ca68C19560BD4423347.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69E973A289004b6780A646C575F5AB67.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5CD93D764B7145b2AE58EF3D5BC2328D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3CC5DF60406C4f5eBF6C0E6CED61B670.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DEDE8C7572194b6bB951AC092C31BAE1.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D4B61C1AB0C463c8B75495D10B87772.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B070D8E638F4f3f87FDEFEA87B8DDBD.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2805D630BAB9474b8CE0DE73FAD5D1A1.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02FDBFB3B4BF45b8AC8C6E30C1EF494D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E9F9A01CF74841bb802DBA2935C84AF6.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D96BA074552E49d1B05C22A281024A46.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFF98162F5D240f6B36ABF2BDD878D8F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC96E4045EC148338C06773D8BA735AB.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2179847D14EF41f9B70366C7292076BC.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3924D1BB47DD46b8858F797147BF59B0.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44E6968E9A4F4cadB6655ADE85B8A00E.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1DA79FE1E35A4a97B8865FE4981E83CD.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E2A23DA4164240a7904DF374C204A28E.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C2C52E189CF44ff9BBF492954FDC463B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 367EFC56F45247aeA87FB36AE3E9871F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4A7E1DE2849449b8871FCB7F7B53A7B0.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C51B8172A2474d35996DBD62E1F97D1B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 75E4F188083441238E7BD9A4F3FA6DC0.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1BAD38126C3E4eedAA43EF805FCBADA9.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F8DE6F4EFEA14d40BCEFDB070A9B7653.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 54B6AE18E14D4c1d9FD3144D3342B07B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 34887AF93E644277AD08C38E470B7771.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 61F85DC4A0994d79AE7C686F8C1341C1.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4A4B6F9DFAA49fcBDD764254380B810.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D78E8E6D07F94b4983F768F9B33C1D3A.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABFDCA70F03949b296814EEE39C94812.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A20A131F1F0F4189A20F8DF548AB040F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 744EDBBA054F4d62B01AED97E261965B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE49607D43D74f2eB9898CB50BF219C8.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A56A45775E474151AD3DE272BE65E448.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8176DD55F19848239B57619BCF38CFC2.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D93BAF2E4EC4605897B6D4C9F87B7F0.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 378F39EC2E0C4b4bB9E52429998EA1F4.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F0562EA2184B4810A277E38A3D4E441B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57C55D2C03754ea8BFD0BBAEE2FC4A24.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 12B5C59893E94b6692D98FEA6B15FE61.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 726D4B856FF047b687D64CD73F16B333.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E6FA516C80DE4ab7AD8DE31463861AC5.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 12DFC244A2CE462fA90D1A2E1D03B60C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4FC8FB967524c92BF35191D06046B32.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EF76D9C43F6E41138C17D6864748161D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77E6B9B09F344a9f8B49AFF2221AE814.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C24908DA041A42ba9924EE9346608FCB.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7828AB2D2DB04d7eA1DD4F03C9770B6D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 89509DE3C2AC4cacACD835D06CC4D182.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 24A0C75408014d69963313DED7389354.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC9954C16F434c2eA6B63D46ED440EDA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 07BFBE2070E4413a96A901B9C94DCFEE.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EDEBA08AE36841c0B792B997683F2082.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9D0560D9E15C4108BA5AA7C9C4296659.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC33AC914AC346ecBA884F9DC68A476D.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 38B3348BBD5E43c9AF0DCD3334A118E1.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17E9F78F072248c9A6BAC6152FFE6FB1.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 89F0CCD1F23248b3864807BC7A772613.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT213C.tmp",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 62ACC1B140F94230A8D26B44FD464A00.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B74DD2C108D411dA79B05EA14F27359.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 298B79F7AE494140B1C9734B00E3355A.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT12BA.tmp",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0A3A826706EA4d9888A38914A954AD7F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1E34365B543F45bf8F6437CF9F24E8A6.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3C96581F2732447aBD75F94F27CB9F86.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0BB5B7402B1241e49EBD384F83DA8379.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 97603311D65C42c2BB9822167E9459B3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8BD3F1219149472e94DEECF322C6ECC7.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20070\BITB4A.tmp",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\961c6604-a758-44c2-a711-c6dc26991e52\mpengine.dll._p",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\961c6604-a758-44c2-a711-c6dc26991e52\mpasbase.vdm._p",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\961c6604-a758-44c2-a711-c6dc26991e52\mpasdlta.vdm",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\961c6604-a758-44c2-a711-c6dc26991e52\MPSigStub.exe",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c0cd719eae8f10284d98e56d8741845b\BITA7D5.tmp",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F452B20C364447bB9BB83824A8B002F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B29353180EF942b2BB0781DEBEFC0D78.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 049BAF0F348C4506AC1411BBF762ADE5.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITCDB5.tmp",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4F14EBFE34D3426e9237EA46FBBE73B4.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D70B0A46A3014b178A003C4F2545AADE.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 981992C8986840aaBDE8F9379087D74B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D2DAB73588384f978F6307AF4B8C55BB.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FBC9076D34B045f4BA961DF3A2733609.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 694208ADB29541c3BF2F025606669BD3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 62748A43863C47e9935BEF84B59553F2.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A5C9543DCA904f5585F0631068719862.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0129030E4112416fA22C1E7176F92BB8.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9BF23429A8C2493eB8B5FD020C464FDA.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5427A797F9EC40d180C7128215E9C38F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D83D8108E44D427f8657B17180FB3A6C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D6C8B34B8CC14dfdA26367C4921ED5AF.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 814FE17E741A4926BCA1A6CF6F178C8F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1FC18B213E604553B67A02CBE5C40797.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B898E716A8324a0d8B30F9F2406E713B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABA13EDA97004629B229B449F837B6FE.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0BAFDE4571FA4132816D2BA710603142.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C972E444971F44948F97BB05E6AB729C.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2609D02504C04484BE59538056B5E8C3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C072FC09E884c7d87C51EE66648592B.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8A66BB1EF3D944988C4731AD3CF430A3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C7A1FF0B61F4ad98BD12918AD3514E3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD3B27DFBFD540da8A05158192B65DAC.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D927EADFCDD4b1aB84DC1691DED8CCC.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2E594232BF4C4f7995D28702EC830DB7.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 96572BD7C7474ccc8542C22D0E4AE812.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EEA98479DC14bdb9C7E1706F6BBDC39.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 47C7587817E448129F24320DA825C0E0.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69C126A1E36E482581F1C6A86D076136.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 51394E2E98F349ddACD15EF2285DA57F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2FF591678B8646fe9414EC55496CD336.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB9CCF31559F4227B65524A457DCA11F.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB895627DAA6482597570DCC1F7C5319.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0A3FF2ED1A4148c2BDBABC5E6D6766D3.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 468D2F0D42134fe9B3E6774FDB3A50D4.ppd",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\J3NYNRH4EFLQYMD5VI52.temp",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-27T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8B3AA3F27364b0492F8E14C0A12ABDF.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FB16.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FA2B.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 99BA9F044FEE4c5c90331AC585AC48D4.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 833097125C9C4de7B76FA3C75A11E513.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\94B4.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ECAC90F7450D4bffAD4610B36936624A.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD8BF4164A964385BB0CD24C5404096B.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B4CC55FFF45648f98E1FCF655C9434DB.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\c784a87.msp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AA35.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2693a706-36e2-4747-99ff-88d7a10eadae\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\zzz_system.windows.forms.datavisualization.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\zzz_system.windows.forms.datavisualization.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XsdBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XsdBuildTask.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\XsdBuildTask.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\XsdBuildTask.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\XsdBuildTask.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XsdBuildTask.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\XsdBuildTask.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\XamlBuildTask.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\XamlBuildTask.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XamlBuildTask.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\XamlBuildTask.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WsatConfig.exe.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WsatConfig.exe.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\wpfgfx_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\wpfgfx_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpf-etw.man",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WpfEtwMan",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WorkflowServiceHostPerformanceCounters.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WorkflowServiceHostPerformanceCounters.dll.mui.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WorkflowServiceHostPerformanceCounters.dll.mui.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WorkflowServiceHostPerformanceCounters.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\wminet_utils_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WMINet_Utils.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\wminet_utils_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WindowsFormsIntegration_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WindowsFormsIntegration_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsFormsIntegration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WindowsFormsIntegration_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WindowsBase_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WindowsBase_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\WindowsBase_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\webengine4_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\webengine4_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\webengine_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\webengine_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationTypes_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationTypes_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationTypes.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationTypes_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationProvider_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationProvider_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationProvider.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationProvider_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationClientsideProviders_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationClientsideProviders_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClientsideProviders.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationClientsideProviders_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationClient_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationClient_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\UIAutomationClient_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\tlbref_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\TLBREF.DLL",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\tlbref_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_xml_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_xml_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_xml_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Xaml_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Xaml_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Xaml_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Presentation_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Presentation_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Presentation_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Input_Manipulations_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Input_Manipulations_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Input_Manipulations_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_windows_forms_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_windows_forms_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_windows_forms_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_windows_forms_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_windows_forms_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Controls_Ribbon_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Controls_Ribbon_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System_Windows_Controls_Ribbon_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_services_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_services_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_services_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_regularexpressions_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_regularexpressions_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.RegularExpressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_regularexpressions_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_mobile_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_mobile_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Mobile.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_mobile_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_web_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_transactions_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_transactions_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_transactions_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Transactions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_transactions_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_serviceprocess_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_serviceprocess_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceProcess.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_serviceprocess_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_security_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_security_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_security_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_runtime_serialization_formatters_soap_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_runtime_serialization_formatters_soap_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_runtime_serialization_formatters_soap_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_runtime_remoting_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_runtime_remoting_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_runtime_remoting_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.context.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_reflection_context_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Context\v4.0_4.0.0.0__b77a5c561934e089\System.Reflection.context.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_reflection_context_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.context.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_reflection_context_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_numerics_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_numerics_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_numerics_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.WebRequest.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_net_http_webrequest_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.WebRequest\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.WebRequest.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_net_http_webrequest_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.WebRequest.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_net_http_webrequest_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_net_http_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_net_http_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_net_http_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_messaging_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_messaging_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Messaging.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_messaging_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_management_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_management_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_management_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.FileSystem.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_io_compression_filesystem_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_io_compression_filesystem_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.FileSystem.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_io_compression_filesystem_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_io_compression_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_io_compression_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_io_compression_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Wrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_thunk_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Thunk.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_thunk_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_wrapper_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_wrapper_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_wrapper_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_wrapper_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_enterpriseservices_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_design_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_design_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_drawing_design_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_directoryservices_protocols_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_directoryservices_protocols_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_directoryservices_protocols_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_directoryservices_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_directoryservices_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_directoryservices_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_device_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_device_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Device.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_device_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_design_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_design_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_design_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_deployment_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_deployment_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_deployment_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_sqlxml_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_sqlxml_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_sqlxml_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_oracleclient_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_oracleclient_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_oracleclient_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.OracleClient.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_oracleclient_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_data_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_configuration_install_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_configuration_install_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.Install.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_configuration_install_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_configuration_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_configuration_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_configuration_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_caching_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_caching_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Caching.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system_caching_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.XmlSerializer.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.XmlSerializer.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.XmlSerializer.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XDocument.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.XDocument.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XDocument\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XDocument.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.XDocument.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XDocument.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.XDocument.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.Serialization.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.Serialization.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.Serialization.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.ReaderWriter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.ReaderWriter.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.ReaderWriter\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.ReaderWriter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.ReaderWriter.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.ReaderWriter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xml.ReaderWriter.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.xml.linq.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.xml.linq.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.xml.linq.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xaml.Hosting.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xaml.Hosting.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.Hosting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Xaml.Hosting.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.WorkflowServices.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.WorkflowServices.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.WorkflowServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.WorkflowServices.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.Runtime.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.Runtime.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.Runtime.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.ComponentModel.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.ComponentModel.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.ComponentModel.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.Activities.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.Activities.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Workflow.Activities.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.windows.forms.datavisualization.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.windows.forms.datavisualization.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.windows.forms.datavisualization.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.windows.forms.datavisualization.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Windows.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Windows.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Windows.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Windows.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.routing.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.routing.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Routing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.routing.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.extensions.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.extensions.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.extensions.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.extensions.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.extensions.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.extensions.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.entity.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.entity.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.entity.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.entity.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.entity.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.entity.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.dynamicdata.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.dynamicdata.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.dynamicdata.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.dynamicdata.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.dynamicdata.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.dynamicdata.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.datavisualization.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.datavisualization.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.datavisualization.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Web.ApplicationServices.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Web.ApplicationServices.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Web.ApplicationServices.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.abstractions.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.abstractions.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Abstractions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.web.abstractions.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Tasks.Parallel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.Tasks.Parallel.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.Parallel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.Tasks.Parallel.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.Parallel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.Tasks.Parallel.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Tasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.Tasks.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.Tasks.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.Tasks.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Threading.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.RegularExpressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.RegularExpressions.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.RegularExpressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.RegularExpressions.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.RegularExpressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.RegularExpressions.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.Encoding.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.Encoding.Extensions.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.Encoding.Extensions.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.Encoding.Extensions.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.Encoding.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.Encoding.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.Encoding.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Text.Encoding.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Web.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Web.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Web.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Web.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.WasHosting.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.WasHosting.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.WasHosting.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.ServiceMoniker40.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.ServiceMoniker40.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.ServiceMoniker40.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Security.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Security.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Security.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Security.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Security.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Security.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Routing.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Routing.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Routing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Routing.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Primitives.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Primitives.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Primitives.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.NetTcp.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.NetTcp.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.NetTcp\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.NetTcp.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.NetTcp.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.NetTcp.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.NetTcp.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Internals.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Internals.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Internals.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Internals.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Internals.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Http.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Http.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Http.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Http.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Http.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Http.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Duplex.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Duplex.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Duplex\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Duplex.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Duplex.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Duplex.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Duplex.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Discovery.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Discovery.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Discovery.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Discovery.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Channels.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Channels.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Channels.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Channels.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Activities.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Activities.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Activities.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Activation.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Activation.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ServiceModel.Activation.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.Principal.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Security.Principal.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Principal\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Principal.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Security.Principal.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Principal.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Security.Principal.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Xml.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Xml.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Xml.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Primitives.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Primitives.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Primitives.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Json.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Json.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.Json.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Serialization.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Numerics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Numerics.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Numerics\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Numerics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Numerics.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Numerics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Numerics.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.InteropServices.WindowsRuntime.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.InteropServices.WindowsRuntime.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.InteropServices.WindowsRuntime.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.InteropServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 88C2CB170D964a5a86F70AC1A7DB26B9.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.InteropServices.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.InteropServices.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.InteropServices.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Extensions.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Extensions.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.Extensions.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.DurableInstancing.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.DurableInstancing.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.DurableInstancing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.DurableInstancing.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Runtime.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Resources.ResourceManager.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Resources.ResourceManager.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.ResourceManager\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.ResourceManager.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Resources.ResourceManager.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.ResourceManager.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Resources.ResourceManager.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Primitives.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Primitives.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Primitives.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Extensions.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Extensions.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Extensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Extensions.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.Lightweight.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.Lightweight.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.Lightweight\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.Lightweight.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.Lightweight.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.Lightweight.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.Lightweight.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.ILGeneration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.ILGeneration.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.ILGeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.ILGeneration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.ILGeneration.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.ILGeneration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.ILGeneration.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.Emit.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Reflection.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Printing_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Printing_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Printing_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Printing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Printing_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ObjectModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ObjectModel.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ObjectModel.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ObjectModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ObjectModel.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Requests.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Requests.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Requests\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Requests.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Requests.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Requests.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Requests.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Primitives.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Primitives.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Primitives.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Primitives.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.NetworkInformation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.NetworkInformation.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.NetworkInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.NetworkInformation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.NetworkInformation.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NetworkInformation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.NetworkInformation.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.Rtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Http.Rtc.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.Rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.Rtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Http.Rtc.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.Rtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Net.Http.Rtc.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.net.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.net.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.net.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.management.instrumentation.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.management.instrumentation.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.Instrumentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.management.instrumentation.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Queryable.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Queryable.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Queryable\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Queryable.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Queryable.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Queryable.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Queryable.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Parallel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Parallel.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Parallel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Parallel.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Parallel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Parallel.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Expressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Expressions.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Expressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Expressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Expressions.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Expressions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.Expressions.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Linq.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IO.Log.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IO.Log.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Log.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IO.Log.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IO.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IO.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IO.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.identitymodel.services.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Services\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.identitymodel.services.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.identitymodel.services.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IdentityModel.Selectors.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IdentityModel.Selectors.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Selectors.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IdentityModel.Selectors.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IdentityModel.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IdentityModel.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.IdentityModel.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Globalization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Globalization.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Globalization.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Globalization.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Dynamic.Runtime.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Dynamic.Runtime.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.Runtime.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Dynamic.Runtime.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.dynamic.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.dynamic.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.dynamic.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.directoryservices.accountmanagement.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.directoryservices.accountmanagement.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.AccountManagement.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.directoryservices.accountmanagement.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tracing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Tracing.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Tracing.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Tracing.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tools.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Tools.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tools.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Tools.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Tools.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Debug.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Debug.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Debug.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Debug.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Debug.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Debug.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Contracts.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Contracts.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Contracts.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Contracts.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Diagnostics.Contracts.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.client.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.client.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Client.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.services.client.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.linq.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.linq.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Linq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.linq.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.entity.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.entity.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.entity.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.entity.design.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.entity.design.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.Design.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.entity.design.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.datasetextensions.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.datasetextensions.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.DataSetExtensions.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.data.datasetextensions.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.core.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.core.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.core.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.EventBasedAsync.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.EventBasedAsync.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.EventBasedAsync\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.EventBasedAsync.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.EventBasedAsync.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.EventBasedAsync.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.EventBasedAsync.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.dataannotations.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.dataannotations.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.DataAnnotations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.dataannotations.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.componentmodel.composition.registration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.composition.registration.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.Registration\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.Registration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.composition.registration.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\system.componentmodel.composition.registration.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.composition.registration.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.composition.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.composition.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Composition.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.componentmodel.composition.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Annotations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.Annotations.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Annotations\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.Annotations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.Annotations.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Annotations.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.ComponentModel.Annotations.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Collections.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Collections.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Collections.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Collections.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Collections.Concurrent.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Collections.Concurrent.dll_facade_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Concurrent\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.Concurrent.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Collections.Concurrent.dll_facade_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Concurrent.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Collections.Concurrent.dll_facade_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.addin.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.addin.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.addin.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.addin.contract.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.addin.contract.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.Contract.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\system.addin.contract.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.Presentation.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.Presentation.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.Presentation.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.DurableInstancing.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.DurableInstancing.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.DurableInstancing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.DurableInstancing.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.Core.Presentation.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.Core.Presentation.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Core.Presentation.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\System.Activities.Core.Presentation.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sysglobl_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sysglobl_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sysglobl.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sysglobl_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Speech_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Speech_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Speech.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Speech_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sos_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sos_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMSvcHost.exe.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMSvcHost.exe.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMDiagnostics.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMDiagnostics.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\SMDiagnostics.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceMonikerSupport.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceMonikerSupport.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelRegUI.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelRegUI.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelRegUI.dll.mui.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelRegUI.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelRegUI.dll.mui.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelRegUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelRegUI.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelReg.exe.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelReg.exe.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelPerformanceCounters.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelPerformanceCounters.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelPerformanceCounters.dll.mui.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelPerformanceCounters.dll.mui.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelPerformanceCounters.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelInstallRC.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelInstallRC.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelInstallRC.dll.mui.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelInstallRC.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelInstallRC.dll.mui.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelInstallRC.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelEvents.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelEvents.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelEvents.dll.mui.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelEvents.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelEvents.dll.mui.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ServiceModelEvents.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regtlibv12_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regtlibv12_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regsvcs_exe_config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regsvcs_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regsvcs_exe_config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regsvcs_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regasm_exe_config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regasm_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regasm_exe_config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\regasm_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ReachFramework_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ReachFramework_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ReachFramework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ReachFramework_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationUI_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationUI_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationUI_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationNative_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationNative_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationHostDLL_x86.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationHostDLL_X86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationHostDLL_amd64.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationHostDLL_AMD64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4DDF1D0F6414d8d988A609C614692EA.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemXmlLinq_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemXmlLinq_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemXmlLinq_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemXml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemXml_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemXml_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXml.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemXml_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemDrawing_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemDrawing\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemDrawing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemDrawing_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemDrawing_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemData_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemData_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemData.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemData_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemCore_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemCore_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_SystemCore_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Royale_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Royale_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Royale.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Royale_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Luna_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Luna_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Luna.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Luna_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Classic_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Classic_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Classic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Classic_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.AeroLite.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.AeroLite.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.AeroLite\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.AeroLite.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.AeroLite.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.AeroLite.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.AeroLite.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Aero_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Aero_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Aero.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationFramework.Aero_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationCore_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationCore_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationCore_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationCore_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationBuildTasks_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationBuildTasks_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationBuildTasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PresentationBuildTasks_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\peverify_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\peverify_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\perfcounter_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\perfcounter_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PenIMC_X86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\PenIMC_AMD64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normalization_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\normalization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normalization_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sortdefault_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\nlssorting_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\sortdefault_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\nlssorting_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\NlsLexicons0009_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsLexicons0009.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\NlsLexicons0009_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\NlsData0009_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsData0009.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\NlsData0009_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ngen_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ngen_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\NaturalLanguage6_x86.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NaturalLanguage6.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\NaturalLanguage6_amd64.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr120_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7D3C.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcr120_clr0400_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr120_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcr120_clr0400_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr100_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcr100_clr0400_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr100_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcr100_clr0400_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr110_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcr_clr_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr110_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcr_clr_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcp120_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcp120_clr0400_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcp120_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcp120_clr0400_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcp110_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcp_clr_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcp110_clr0400.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msvcp_clr_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsvw_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsvw_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsvc_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsvc_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsn_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsn.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsn_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsecr_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MUI\0409\mscorsecr.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsecr_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsecimpl_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsecimpl.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorsecimpl_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorrc_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorrc_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorpehost_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorpehost_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorpe_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpe.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorpe_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normidna_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkd_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkc_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfd_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfc_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorlib_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normidna_nlp_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkd_nlp_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkc_nlp_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfd_nlp_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfc_nlp_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorlib_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normidna_nlp_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkd_nlp_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkc_nlp_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfd_nlp_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfc_nlp_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorlib_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normidna_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkd_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfkc_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfd_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\normnfc_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscorlib_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscoreeis_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreeis.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscoreeis_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscoreei_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscoreei_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscoree_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscoree_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscordbi_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscordbi_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscordacwks_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mscordacwks_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msbuild.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msbuild.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msbuild.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\msbuild.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mmcaspext_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MmcAspExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\mmcaspext_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualc_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualc_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.Dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualc_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_compatibility_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_compatibility_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_compatibility_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_compatibility_data_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_compatibility_data_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_visualbasic_compatibility_data_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_jscript_tlb_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.tlb",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_jscript_tlb_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_jscript_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_jscript_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft_jscript_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Workflow.Compiler.exe_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Workflow.Compiler.exe.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Workflow.Compiler.exe.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Windows.ApplicationServer.Applications.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Windows.ApplicationServer.Applications.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71BA4C15ABE64d4b94C6FD6E42CFD31E.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\Microsoft.Windows.ApplicationServer.Applications.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Windows.ApplicationServer.Applications.dll.mui.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\Microsoft.Windows.ApplicationServer.Applications.dll.mui",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Windows.ApplicationServer.Applications.dll.mui.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Windows.ApplicationServer.Applications.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.visualc.stlclr.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.visualc.stlclr.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.visualc.stlclr.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.Dtc.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.Dtc.dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.Dtc.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.Dtc.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Transactions.Bridge.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.internal.tasks.dataflow.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Internal.Tasks.Dataflow\v4.0_4.0.0.0__b77a5c561934e089\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.internal.tasks.dataflow.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.internal.tasks.dataflow.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.data.entity.build.tasks.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Data.Entity.Build.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.data.entity.build.tasks.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.data.entity.build.tasks.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.csharp.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.csharp.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.CSharp.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.csharp.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.utilities.v4.0.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.utilities.v4.0.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.utilities.v4.0.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.tasks.v4.0.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.tasks.v4.0.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.tasks.v4.0.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.framework.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.framework.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.framework.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.engine.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.engine.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Engine.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.engine.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.conversion.v4.0.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.conversion.v4.0.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\microsoft.build.conversion.v4.0.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Activities.Build.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Activities.Build.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Activities.Build.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Activities.Build.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Activities.Build.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\Microsoft.Activities.Build.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\locale.nlp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\locale.nlp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\jsc.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\jsc.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\jsc.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\jsc.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\isymwrapper_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\isymwrapper_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\isymwrapper_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ISymWrapper.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\isymwrapper_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\installutillib_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtilLib.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\installutillib_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\installutil_exe_config_client_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\installutil_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\installutil_exe_config_client_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\installutil_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ilasm.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ilasm.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ilasm.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ilasm.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\fusion_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\fusion_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\FL_FileTrackerUI_dll_x86_ln",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\FileTrackerUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\FL_FileTrackerUI_dll_amd64_ln",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\FL_FileTracker_dll_ln_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\FL_FileTracker_dll_ln_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\eventlogmessages_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\eventlogmessages_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\edmgen.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\edmgen.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\diasymreader_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\diasymreader_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\dfsvc_exe_config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\dfsvc_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\dfsvc_exe_config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\dfsvc_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\dfdll_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\dfdll_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\datasvcutil.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\datasvcutil.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\datasvcutil.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\datasvcutil.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cvtresui_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\CvtResUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cvtresui_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cvtres_exe_config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cvtres_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cvtres_exe_config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cvtres_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\custommarshalers_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\custommarshalers_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\custommarshalers_dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CustomMarshalers.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\custommarshalers_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\locale_nlp_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\culture_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\locale_nlp_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\culture_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cscompui.dll_x86_enu",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\cscui.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\cscompui.dll_amd64_enu",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\csc.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\csc.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\csc.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\csc.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\corperfmonext_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\corperfmonext_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ComSvcConfig.exe.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\ComSvcConfig.exe.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clrjit_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clrjit_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clretwrc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clr_etw_man_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clretwrc_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clretwrc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clr_etw_man_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clretwrc_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrcompression.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clrcompression_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrcompression.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clrcompression_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clr_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\clr_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\caspol_exe_config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\caspol_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\caspol_exe_config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\caspol_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnetmmcext_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnetmmcext_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AspNetMMCExt.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnetmmcext_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_wp_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_wp_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_state_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_state_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_regsql_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_regsql_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_regiis_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_regiis_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_regbrowsers_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_regbrowsers_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_rc_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_rc_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_perf_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_perf_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_isapi_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_isapi_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_filter_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_filter_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\aspnet_counters.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_counters_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\aspnet_counters.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_counters_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_compiler_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\aspnet_compiler_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\applaunch_exe_config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\applaunch_exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\applaunch_exe_config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\applaunch_exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\alinkui.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\alinkui.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\alinkui.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\alink.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\alink.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\alink.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\adonetdiag_mof_uninstall_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\adonetdiag_mof_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\adonetdiag_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\adonetdiag_mof_uninstall_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\adonetdiag_mof_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\adonetdiag_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinutil.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinutil.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinutil.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinutil.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess32.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess32.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess32.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess32.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\addinprocess.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\accessibility_dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\accessibility_dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\accessibility_dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_030_vbc7ui.dll_x86_enu",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\vbc7ui.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_030_vbc7ui.dll_amd64_enu",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_027_Microsoft.VisualBasic.Activities.CompilerUI.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_027_Microsoft.VisualBasic.Activities.CompilerUI.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\vbc.exe.config_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_023_vbc.exe_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\vbc.exe.config_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_023_vbc.exe_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_020_Microsoft.VisualBasic.Activities.Compiler.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_020_Microsoft.VisualBasic.Activities.Compiler.dll_gac_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_020_Microsoft.VisualBasic.Activities.Compiler.dll.x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_020_Microsoft.VisualBasic.Activities.Compiler.dll.amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_001_system.web.datavisualization.dll_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_001_system.web.datavisualization.dll_gac_x86",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\6414876250E69FF3395387C6C7F05BEB\4.5.51209\_001_system.web.datavisualization.dll_amd64",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\c78473e.msp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\3F9F.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\NDP45-KB3210139.msp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\sqmapi.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\SetupUi.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1043\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1032\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\3082\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1038\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1036\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\2070\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1049\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1046\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1045\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1040\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1035\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1055\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1053\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1044\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1033\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1037\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1041\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1042\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1031\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1029\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1030\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1025\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1028\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\2052\SetupResources.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\SetupEngine.dll",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\SetupUtility.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Setup.exe",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1053\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\2070\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\2052\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1055\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1046\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\3082\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1049\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1045\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1044\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1043\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1042\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1038\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1041\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1040\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1037\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1033\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1036\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1032\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1035\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1031\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1028\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1029\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1030\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1025\eula.rtf",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\DHtmlHeader.html",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\SetupUi.xsd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\UiInfo.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Strings.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\ParameterInfo.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1045\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\2070\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1049\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1044\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1046\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1055\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1053\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1032\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1036\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1031\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1038\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\3082\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1040\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1043\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1035\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1033\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1037\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1041\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1042\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1029\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1030\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1025\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\1028\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\2052\LocalizedData.xml",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\warn.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\SysReqNotMet.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\SysReqMet.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\stop.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Setup.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Save.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate8.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate7.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate6.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate5.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate4.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate3.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate2.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Rotate1.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\Graphics\Print.ico",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\watermark.bmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\SplashScreen.bmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB3210139-x64.exe","C:\c9e9d05b6dc5a0d24f9d\header.bmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\F249.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 055FD10BC1264378B0A73FB54278DB4F.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD6A722713394db388310F323781A434.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F985C4A99A94411A4D9F6BB200400A1.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2693a706-36e2-4747-99ff-88d7a10eadae\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\900D.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\56A5.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5608.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\554C.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\554B.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5421.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VRBGH514FYAMX151GXW8.temp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1915F50E3A904dd49054FFD9B4384E22.ppd",2
"2017-03-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 98D3A72D2C084fb0A0BDDF83A03B6228.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A6B0938E22D444a582F06E55C916F29E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2A6DE6FF932D4f19ACE30AF65EB37112.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD383E9CB01941569866802BCD17756D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 59F671DED6834d12AECF5E2D0D67648E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2781CD590B0B4d2983DFD505F29BEA69.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AC09F9C902D84fb39D8AFC90A22DD347.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE6C20F18C4B4bf5903D066CEE015EA6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3EA1623545D7499399BFE6CE75D9A54A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1C1B5210797349cbB1E2A66D54BF8438.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4AC5F0139A114dcfA4CAC193E403B9A9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E400278AA46842898F06BDA2C59F9DA6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F53069F7327B414dB5E63DCFC08B0514.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 98DF89DB3AE84a34BDF7AD866AA74420.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F2B56F89C47E4030B361588087129DDA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F8634312318400eB8B54139BD635ECB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D115CD2359394f17B24488C7239EC596.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8E56D729BC6745b8ADC892BFB2BA51FB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16E3E10B66814baeA9A3F1C17FB475C9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5EE2464B961348dfBB39BB3218D378D2.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87961B81B3D1450e80450CC901163A27.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AFEF9F941AD24dea953802CCC3943FE0.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C02D9C2B9DB948cfBB8064A6FAD88AC0.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4EC51B647F242ce94D8A8B08EE943B3.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F1319B332844f74948EF32F709B3249.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4173E62B9E2841c59BD1F5C838ACA8BE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A19B5DCEA974ae483D2492426FA5E5A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 63AE2C8CCF474921AB0DC1EF83A6FACF.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F03CD6BF770A48a08A7FC1C93E74C8DF.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C6BE5F464CBE4748B9AA9AF4F6181881.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 306E3F62A7E747749D6E79D4BB39EA05.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2E5C00AFE1CF4f7cB372BEB148B9BCD5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74F45D11256B4f3eA1E3A7009D752319.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 80A85FC5B5D944f4B793D39B150DA669.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2645E835586B47d68DEDBE0940F2A9F9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A792122F093E4ff0B111943B857B903C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C325C924D27048b6BB31723F4DAFB635.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F96F7428197B4b7995A4E8FEA1046841.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45224D5E5B6549aaBB73279D3ED03303.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F551BBA2C165484f84FEB36C73139E03.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4BBF5CAC03A54fb28E0DFEBBBC06ADA2.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9ED75FE4D01144aa8308CFF80CFAEFB2.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49C277E8EBD34fc78778C622D9DC2829.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DFEA7808694444c5BE350F6FF16A7259.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 81941A6FABDD4e1f985319DD1CCDE1D2.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1B7520E523314f5a9883287B5F2E3521.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33A53E45C9F6477d99EBB3B57B8741E0.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 54D0A6BBB1E74455A525B3D2EE8899DC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 26BFC8B106E24de7BE005B0CB380A009.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4DCB3B14A66E4a97AF05C176F26BBF03.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B6F903EA2364a3c983E55753FC6C8C5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFBE55ADD03D4ff2820C6CCA79F4699D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 094432803182469b8564A525F8A9536B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9738A5375DF44e7A0405388D9C1A7ED.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8D914A18B0474c8996DAD2E4964CE81D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4BFE7A2A46D043c294DF137AE6E820B4.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 93A2FEFD99494fe181F96B408193709D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E4FA897747E34ddaB516DB2646FB6AB8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF0D2C96F05E4c60BC82FB3102F506F5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C992572AF2EB46089E3AAB197797A41B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6977A1FDB9FF4c029C257BCC6923A8F6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4A67699A3CD042af9E8ECF4E3D7BD941.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE70F54C48EE487990DB2144EF9EA544.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8A9377C7755F4b7aB3759794E9384C41.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E442B312C2764fb2AC74212640FFDFDA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 75A2B524627E40bc8250FFF9CBBAE882.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1B19FF7CEA274ff6986502E6B91E89B9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D0A75F5B106400c9127344BE44F814A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5084935ED7A9431d9E09CD983BE6F432.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5C9527A5EEDD4c2a9DD5FFB7002F95C0.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD8A0EC604064932B947EC05E007DCF0.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F290E75CFD964ef09E1AE2AB915AD057.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C55F2EFD3594cd5B9AC6D66CFA90C0C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3FE3D28744CE4d98AA805DA7396C4CAC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6AC4506811CE4207A43D8B8494843FAE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8FCACF61B71040819B13C822579F3E3E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7ECDC049C1BC4a6f998450D10341134C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F5A5E82984334457928687CB3ADEF746.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 23AB9393460540fbAE01F33986B4302E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3FDF14694EB843f197A5E237F3B2D6B1.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74AA84A33F8C4c898980BF54F7017900.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 40DB57F3C74F481d9096840774C98E73.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E1DFCC3837AD4c82BB21DF2B7C3FAEF7.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B5C2841750147ec8F4C648B769F6BF3.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F09CF15FCE54ec887E3FA7EF0A563EC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8AF4784FA8384062A7966E7ED7DF9071.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F7F1E2DEE8BE4796BDC753D7688599B1.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED93FBB54EF441d2897BB7A06696B3C5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FE9EF945641E43ccAD0F1B4F9E03BF49.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 357B57DBBB304ea69AF00D4D9DFA40FC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0B5591E2C271426e920D98BD041B3C37.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1C9317A2A1745ad9C012C8364ACF54A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 92041F1718CC472bAA9C82923DDDA65B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2669EAC5B8004edfA9ECF404F0E92FC9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 439EE5C891DA43eb9914E051AE1D8C87.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 478F6CFEB06D4d58BF49FC49B2D9A8BA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5456F2984A1E48da96793ED1A8F762AF.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02AE576031634187B5B8FEB67F0229EE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 868C37C200CE431f83A44EDCE649D5AA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 81C2545BFFB641559B39DC2C0963702A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BB6290FAEE094eec8E5348FEC1F08E4F.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B48EF6BAA0A84ee0BDA793781EF90178.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4C6BC6CD6294d12A2F9F5DD4A3DEC0D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 266DD595727B4aeeB04114D866CC126C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EC5FB7EDED774bafBA1E184D8E1C483B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3636736A453F47028EF5326F4A0EDE40.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 12C1B1D05CE04e1094441FF6C468CB46.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F53B2D6DF3F44048BB8FF54A3623FBA8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9559B994B14A4cb89FBB165D28CB3623.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 41DFBA230F074dabB6A1EC0B0879F24F.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 713FAD85D97247389455C9C8477C33CE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57520AB282D640399E9F141E8E8B7C77.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69056A4B34CD4447A677F0C56140CA4A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 020C546D24354eb29FAA0B8DF78AECC4.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1CE1BF51783840c9BAA0CE483FEF99B8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 19A71ECD74B14863A38C93056070C06B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8A5D852618C4774AE492139D5ED9B6E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB520083D4B34dfeA5818409D6B4E42C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3DD71A38C78745388313B416BF49789E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 38CA7DEA163B475dA7F691B2833137DD.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E1438F6AE9FD4c8c854B4972F42D4FAB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE3781321885439d999F98E87C199175.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE0377E8E932474fB6FBC29D6A2019EA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C74F980D7BB0405bA02828BAF64771B8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28BC52ED7A224b289FB9ED6DCFB6FD9B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 212D547B10354a88A75647C118E94AA7.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4BF02A31DC5A41a1A300377354B4D84F.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F66D4EE0CCDA482391110444FA12D2DB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16E01F0AAF364fe0B4B2FF4627E48D2E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BC70B5E3BFFF498eB47B7539AE2D7DB9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EACF453A535348008D2EF4E98339CD84.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A3AE3CDE81648ab88E398EED83FCEA5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 380647A3D2174f7c9E9A093073C76D81.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 96D77B54515B48dc993C1D0B2F6194E1.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 083F820E192C444bBA82C935EEA72459.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6446A9BAC9E742d0A088CE096659B2F9.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF2990B775194c4c9426B4EF4E963AE5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDA973DFA91C4577A8EC79D256514E77.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5C9849FE0ACC4c06B84F5F7D1C964EAD.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 41E659B3607043e9BE1E12DAE365E47B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 593DDD960BE34a959CA038F71BAEF277.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2CBE07B7DF7D45deAA67FB350AF88BFC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 81CCC90AFED2407aAB5A3712A5D7ACAE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9E1A1C4613F8484fAA58661325EA8944.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45BB5280FCE2461198200FF5DEBA4DB0.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EE4DB6FEEF0342b1B705477B0D15EA76.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C2F3F9499549459dB5EC9B6F30C04500.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B78746A08ED94f75ABB9CF2089110F62.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B0BA98DA37F43f58D58DC808B4EEB12.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C503653F53940ee858B0D74FC0D9FF3.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A64F49B58E8443f7909ADA0E28F91B76.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E82891DA92534da8AB1724E8C9C48CA5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 91733A8A3454436889B140FC6FBD40DF.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0D1ACFE9E04462bA6EC404DA2F87958.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 150E26B3C5F646bcA7CDB235A315FF91.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 10DFB7DD8F1A42758801B7CE1E4E1D20.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 37335E4A369E4735967A12DB7B88A7E1.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8560C8C0E8C45638BB2CBAC2E58006E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE8FADD2027A4f28AD67040899323DBD.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CA4960CDB9F54edcB40FA136D296DFC8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 874174DFCC324d759ACF26CFA7F0CA4C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A7B2026C73AA434e90837DC8B433B9D6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 596A8B96A8AF468b95FB6734813F78C3.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FF1571BF7FB04e33BAAF1CBE3008A2C6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 721FC28C337748e691FBBF9ACA92B257.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC0220D6DCC545b3A5BE193AA2C1CE2D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 313E2125DFBA45a9BA38073E25E8A4CE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 62EEB6D866D64e62920F3C677A005EBA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF0B4278A11C4556AE92CFF81D17E573.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 80A261B656B54930BB4513997D4A182A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 53D11B6E0DCD4b19B5356DDBCD873C1E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D5AC71B709E04ed7AA98F3AACFF274C8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B502F833955467b814885712692833A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FE57294F62F141a088FBE7358512A0EA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 937463B03FC54c3eA8DB43F04C0FF246.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 08BBFB409F094d96A5E9FF38CA7B00BB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9522CD12AA904027BDFA67F76FDAC17D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49BF7335401A40ebA3718D6B5051C318.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D2F841FEFE0C4c309CD9886A06D5BC74.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2407F9C11F5B4525BA44B4BFBAA9BCEA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C438265EF5FA4d2bB8B51B1FB5B5A2F7.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4C51A1262394b6d8AB2A7C44C6BDB70.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 659BD52EA0FE4dadACB566A35D33A735.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5423B2B4051E4ab89C2EAC593E435955.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD8F5919C3E44e068CDDDC64173EC219.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D04F7E2B0894979A242F3BDE46B9251.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF3B520DE49F4487A8CA535BFA4CDA36.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 90EA9DFFFF6C487bBC0C474642C95B79.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 15FE0ED901F34824AFD998AD3A35F649.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B662BA9E4694db6BDB17C6F667F823B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27285E69DB2948378504EAB5DAF48B18.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7092F397AF7C4cb4A0BC77CAE6585A38.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EAA767D8DBFE48adA980B812723BF3D4.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 390FFD5D50AB4964ADEF4CA7BEC9113F.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C417A220AC74418B4480DB4A7F5152E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D95AD5A3C204d34A9F8179509AFCDE5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 10887286529242e68D3BD7625C2ABB88.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 287186EC4F4C4dc19B840E37B028A4EC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BB5F0D864C8D456299C49D1438AF4F4A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F91C7010309141baA4E31A9719C73BE1.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F7BFEFB4CE4F42be8AEBD23D2FE86056.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58C647D1F0094af58F15A58D5B7CA572.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1CD81985224F466cBCFB4A8C3EE61CBB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 593926FE4718417cAF978FFE2D441D80.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 66D9E848E36344069624AC6BE74DB7F7.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73FC708B2E3B45649AEDCC18DEB64A0C.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 015E693FA9DC4b5c9B09F7358A52ADA8.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50E41045C4754a2c88763A98B2C946AE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC5A49D9643F47f3AB2B4FA0C1E3B344.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 65F36FD3B5F0402591D77A83B652A0A5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C059AEE0F20341ee85E9AE4C27A250FF.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9E9E375B7BAA4d3d9633A483A6DA3DF7.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D30609380C7B4c41B253532CC39DC930.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3213164A56A9463a82E5AA027CBB23BE.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1ABBE386D86A4751905365017E427D7D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 34FC5469F7C046c58A491C6D734235A6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3043A92AA3748b892FF477F67C1510F.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 47E286321C204b558C8FF842B2AE65F5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4E6C025E284547a6B0DBD013BEF4DEA2.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 947630B117E74176B67FFDEF5F3B851A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69C4DD4064014cc3BC69C2985D58146B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84360FF7060D427cA34B866E0EB5CF41.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8A06ABE2DF8F42179029F8B0C9592D95.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8A8328AB06764c4c900907C38399C8B4.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B6E5AA2D902491bA59F54908358EFB6.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C629831D62054a668D5729925191EAFA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 43753A0CD1704a3b937BB09A4124E598.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 008EBAB7DE584188BA7FF6DC8F94B9E1.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7281E56F75A74d89B89A8396AD4CBC76.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B41231DD201D4348B618913F699A6958.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C31FBD4D7D541c785331D9FDC740E6B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 969C3B1D80434efbA02F6B2D160DE305.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 43B37BE6E45B4349A5BC2D5BECD4296D.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B80D71716B1C4491A83E7184C5A0AF5B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FE886BF9F32E470bA70128AAC8908497.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 521C8B16FE2F4369887334C9C68386FD.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2CB2E0D8EDEE44a38CD68471D36A08A4.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13D1E840E5E84623B29EB3698662DDC5.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02B09E9FC3C748ed8874639D42F0FCCF.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5F968E6A20D4b9e82CC0F1EB3639682.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9D42A99D01047dcA5F143AA4B1CC513.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BAFAA9E2ADED4cb18502812652C4C105.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0001049C738A474f8EE9FFB3C8C7FBED.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 237A174AB9C240abB727E6F2521B7C91.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E74C8E4D95D34724A0A8CD494BEE8653.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5FE1C992197D4f01803D159EC7198876.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2E2200B894234d32B964B3EF235ED9C3.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A8380DD7042848219114806D7A39B4DC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E4679E6D3254476f81B9639B9175CF09.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8AE4706C34D741cfBFE3B2099564C930.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1678DE62BB941a4BC9CFEB405BC83A4.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE94E43861CC46e58293EAAE77F1DB25.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 248456F4F9034546B0A0408084704644.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 311CC72584F24f8881722B06CD2C6083.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 616C8062742E4a369F11744629F5D766.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE2016E69CDA42ed92FD78A8A7AD823E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D2FE58F785B1479aAD30B579A1BE113A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C820A449C0B4abbA39C5F284965327A.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 005C2949C9284b67A8199F2B190E6CCA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 86F4BB737FB0428cA07667BB8927DC6B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 848E91977A7842f9A927A5FAEDCB490E.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3226F429AE744512B6E9C7AB6631715B.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4F2C99F493674d6793A0C689509369EA.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1AEC43E93AF740b3904053D62A100450.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7344ED867C3A4f3e98AF0F6B026A4ABC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 304CCF3DEEB44d46A7511E7806CD93EC.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C31676BD154248868F8D271A03988B17.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\A2OI79Q6XAGJ758XHUQL.temp",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F3D53B4656CB489283A65AD239BF2E69.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6679A80A521140859126891DCDC66648.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 26331627D9CA452fB5BE913DAEB7D6FD.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\28E4.tmp",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\28D4.tmp",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\28D3.tmp",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\28C2.tmp",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FDE947C497C64d56832B3370A8665919.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3E8952B396D41c1AF229B6549237CAB.ppd",2
"2017-03-22T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 39B13608559A43a88C1082D9FAD8E48D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C05EBBFDF8A48d5A01BCEE69EE9E35B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D12269851505477cAE006F49ECB1D485.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA3E391086224a8599E91670FDDE1F67.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0868BF73188F429cACC637C420B55416.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F5546FAD407425697EAFCFA45268A6F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A587E97CFB86424fAFCFF0F6AA1F440E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 909952A8401243c184648933ECD2E436.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0B2950714DE34d8b8455E590A5E6DFF4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 588CB88C220B4b8a8472E1AE5D712F5C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1806A0349E0B4d66A4BDBFC8C9139130.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4DF980A8A531470692B2B4B06C6EDB8A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 72B705C376EA42f0865996FBB9FA1807.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C900AA4DCA32473483C292EDF70D3C26.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAA6768BB30B4750812BF58FA46AAF26.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C49C33F264484362BEA0FD281E4EC942.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B76DD539E12D4248BE57D45D54809EFD.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 426EB9808A2747f18EAD945B6C88792C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 364C97D506474b7cB6CE7C07D9798AC6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 816335385F6E40dc8B28AB160F81D0CE.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170321180827.cab",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B53D41E86049473b915992C22CAC9652.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 968A437FD2E849159FDA52A766314A1E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C22EB51D4EA4c81A02A4270F4789DFC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A65A2E03A8C6475b92F40B64B4DF1E4C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 23FC4269701B4c5d9B928CE699A883A4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B83ECB255FE0486f9CE8ABA19D572366.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AB950C4CAAAA4d1dBA1AD138A5322A4C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 55CBE770551A4dea8C72E04D26FD9BE4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D5DA37AB01C46f2916430A6D74EC9C5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7BD9A37582104fefB52BF30A6C2FCF7A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AC9C814B3F964935890851E8D7612C4D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD45CA8422B94637835ABA90F65C455C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6EE9ABD991794b979A302D8114E3406B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7EFABC3F95EF41abA9DFCE3A4B324CD2.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0087073653C043e593FDDCC2A78E8ECA.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1AA1173D5FFA4121BFDFE4151B4FD3E3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D3F5CA2D0FCC4615AB1EE44836B600C2.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FBF130926A2D4c6c87AE77036DD15B0D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD07960DEFCA479e848BECB826043735.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9702B86863914d98A368AFFE037A85AF.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 76B1A25B48304201AEEB61F4F9603CC4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1C849346444A40d389D3C092E3A97060.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 351719D081D1410cB49378B523A5E304.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E318AF209F6E405f9B755464C1E94D15.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE6173BA2427425bBFD52D929822DDC0.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CACF4C59E24141be94400DAE828A3F9D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AB0F2DFD6F3E4a79ABFD60123957021C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB5D8947E5804d738E00664FFD6195E3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3C82F746199548529081133F4E26915E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E9B6D18667AC4ee2827FE1C1A9B950DE.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3006EDF94524a4c9413207DDFE9BFD9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 300AE591C9404a18B4719AFDEBF84FEB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F55CC94F88A40ab87712C1ACBE60BA4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 83CA701AFFD647a493E0618FBB08E0CF.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0FB6423F188416f975BD10FFD4F01B0.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 756AD1A99E54462eB5652035B69A7964.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 850F604F7935463687A4C58DBC4367C4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 51FC69ECF536469f8251AD74A7E43C90.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F5D64B03F7E746c78E6217F9412BC7FB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7BCBCA0CB9EA4904B4AB038FE6A6378D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C24B45E40E7A4a6989F45A2042FC529A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0AB465170554683BD181FEB4A7E3627.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3C92B8923494f249CD2775B0974BDF7.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1B745E58F5C74da6A3F92FAD5088A55D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABE5716A16404f81AC2672FF78D1EB43.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA3AC738C8164008A428A4AFB0112B93.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C43806916E44f6bA552ADBE0696E810.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18C7F139D53141e98244F4CE755B75F1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFC12FC8ECC846c18792D4A8F4C093A3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1CE5BAF4AA474abfAE0FF47775488943.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B28A9FBCC22E4680BAADD6B503B9CD99.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F932EF6464C74010B61BAD303E618C7D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7BFF920E0A37487bAFA794BF9A101D1E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FDA002FD6EDD4b409FC81BD713EF8835.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49526ECF8FDD4d54AC56D7C24BDBF193.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 19D0A26DD8634dbaB6B3F102F96F3F9C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E6B1DAC23214c9fB48426B777A1A994.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F7E2D7F2DAD048039A842E77B8C8DF6F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A46E224902C34c6fB663D820EAD68C91.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A39C0E60E47E4c02AA3AB76E9C9ED626.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E331C62033549d1A39CB1F91B1623A1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1DEC4E8825C94743AE9F32AF45041346.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E6A0F10ABBB48daA07B3B865F9281A0.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 546E3E289DC94f26A05C4533ECB6D1B6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8CDA8E565B8246d299F264F801BBE2F9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04FC893A7C5D43308F35BE31EAA71488.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1863DBBC7446491bB45CBAF1EA17629B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D1A1AE045EEE41a2BFAC25AA2A22F200.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E4794A10E4E347959FFD625CCE808B6F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D6F79641D1004cd6B88BA2B7A9602F29.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D995C0274DB04ada81BAC04163953F3D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BB026DDFF7AB4632813DFEED79A01AE7.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD6AF390933D4870AD0D97AE01692A7F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CFA5703795A44d03A6E63CF869A1A449.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9B4BE585783474bA834DD754BCBE23E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5430D7674999490a90DF75DD3578F734.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E42EF8F28AE3463dBCFF256D984D9600.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1784A9D436AC42c58C9AC69B4FDA6B72.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C32B3A7C55C49968775BAEBC7532EB0.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E662A48D9CC649139E444934F199B2E6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 99BE348E74BC4e78AE49CA5BB65451D2.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A3A3A8C65B6E4d9f8363E25F112DDD03.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0F38A00885C4219A54CCBE2BCBD316A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 573B36DCBBBD427d9A3DBC60D0909E35.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0CBF06F2A16B41d4B98A7DEA987FE84F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 03D290E20E0F43feBEFD8B7271027C68.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C40F330AF70E493d9AFF2D1F821AAAE9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF49845C14DB41ffA3F8ACE5795D3405.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B90C6701491E4f2e9434C6D8D2138D0E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C5DB7F85A3D485a9B28E2C3E25A938A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4747067DBE040a5993D6EC64C6FF471.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D64CB25E70BC4446BD0BB948DA5980A9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58FB2586C4114464BBFECA1791D25455.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 35216473C1FE44f48D209FFBC4303695.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 07612FE49B02483bB89BC3C274D3CBEB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 482F4469756B488a97187472A62104E5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC08E16A142645d3BEA9608D74D05659.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 835CE5CD186E4052A138608092F302FB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F25ABCDA4B4D4efbA00B1CB0B8A38ACC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC65F42166764d99A28C004683842834.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D64F65114264e71A221883AFDAA2446.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9A7EFD1CCF594a9b9DC237227D7A26BA.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA5BBFC72FF348749610BB2E89C2E029.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 25D3EF49F9BD47d28AE30BED37B25581.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B915F23E0D5E42fdB19FD61DF1B92015.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3408B0FFC5DD4467829D37373F61806F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6641969FFC994a059D06F056E46112CF.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9B36301EE7D2438fBB5573876B7DD6CA.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D6D507DDCC3749fdB712147FC74C07AE.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 26386A2CAE2A4dccAB9D515B6BB82C93.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB3424FDAB714fd98637B5B77E178160.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4AFDF33898D74cba84BD7D0EADFC6759.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B369DCC5E6B413088BF10188F94DC34.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 806B4FA071F044319C09937383C3691E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8FA1C11ED8DF4725BA1F5F82FBEE60F8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4E13BA0D0E504fc48D7B2D3881B8254C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 925D2E230D9340cbB25493789DC58300.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B33CEB88B6D4d6aA6980B4FD2B9A050.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 40F09C459CC9426bA72C18ACE038045B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8FAB8E75504F428dB28742626EE65C79.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9268C1079FE24e399C57F7C188F09C5B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6ECBA9FD6B63457c845FD6F9FCA6D70E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF1043B180F14e82961540D389EA609F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 952EB311D8A247e9834E23D0F96D9315.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8572680B571C4dacA74BC63DDC131873.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4589734C69C479cB4EDE00E9D904DE5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5DCCB4062B0F4564B7E640B600216CEF.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF02362BE76A435fB88C463CD2C3A864.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7D4F8016D914552B87D0DEA71B9CF70.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27CEABAE618C4fd5B70B5D9FC5EBA10B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36A2FF308CBB42ac9FC05D920FD1462D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C4AC9BAF63E449e8B2EB26B89F94C0D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 418B1F09C2FA472bA62C479E4ED2E94D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 227DD5A0DCFA4f87A30667F57B13C796.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E73C744C32FB4f5aB804553C521FD699.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 587DFD8F509447639CE11713464B4B6D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6DA96FBE774C4621BB1FFBA6900EAECB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DCD88D86A9A6429c84D9FB195B2E760E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D407088592947938953948F3E708312.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E9D4D717999347a09BAF7DA0005F0FC2.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D605ECD43C9A40eeBC674032DE43527B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BEC0BEF797D64942B04B70EE64869B0E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 35937D4F5BCE4b2e80386F071F811C3C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EB5A9FA748D54f6cA22527D22A5B05A5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC5DF25B7D024c31B22EBFB987ABEE62.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C8CF8400C2C40d1988B8193845AB38D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5AA74D410928448c9F7D1341FB1649BB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF0846DE42E44e348C6493C81908B7AB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B51C1F43060E425581BF2BD955EB8A0F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A20B3DDDD8A14b229607C69B639B7352.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB4E70FDC01D4ea98F576348A13AA5AA.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8713A8F9B52455c8514494F0C7D1D8E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EE015F6593224e68BE8F10749F7F167C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD0F269BC5E14a9aB381766E412DFCC6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 403905A1CCA64de69E145F21BCA820F7.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 92179D18F1724084A4C0E2D129578C9C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A2146D0413AB417fB8314148E76C20BB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB22E4A312D84d9fAD0849B4C99C7E4B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F67139C420E043faAEBC2ABAA66264B9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EDE13E2169064642B9EF5DE75A55E4A9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A939A5E031E84fb9A3EB50E3DAF2663A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3AF02F81F3B3464f963FA8E4A64410AB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71095021D8E44ad382A6908C610F1D3A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4077DDCD50394daaB4D3AA1986EA0CCF.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4498CD94D6E4724A55C4EDFED350B79.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71F87DD85DC2472992D403C840A60825.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0CB40FCE211E4039BE61473FA32F7D4E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 43AB74C01EB9442c9EE009DF2187FB58.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 344FDD6A1E2C464c933F5F91D9194C50.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57F802ADBAF842beA29750F242BCCB42.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58E5D568060644da837F1857A0D3EE14.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8059F839FEFC4218A4ED980EB5ACB046.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A3EFBE54B7454f6d8CC947129CE3F568.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9039266ACE64221B696ECBCF1102E68.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D1E891715292467188C3C1E8F80C2854.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA99F6843B384c84BF2880FBDF9F22E2.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 886939D01CF14c1bA5E5E3DA4FACE84B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2A473FEE43F04dfe8CFCBB501D54D4F5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE6A3A888FBE4b8bA2C2F6A0236C0CAB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2369E490CE114caf83A742305A80B4DE.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4E876C24CE65472cBAD21243B982323E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2E1C0038E89746d7AD6C895EF1D1C6A7.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3333C6B230E48a89A545DBE7C60C556.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CCC965BFDFFD4e9e93E081C679A10B63.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8132F076579F4ac483E5D27878869566.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FF4621AE084442188350EB77582865E9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B552330E742A465997920E9CB89922A3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0150CD48B92E483bB062D2502D4D2487.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4F6461836BB94e43AC9D7A259E1B8DC8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9CB15EE01974933BFB3592666D66FB5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0682DD29AD11406090E5B4CB4A5A4A09.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 25A06ECCD1AF47beAED7A5952CF4193B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 94811910BC86447bA0A1E63754B68157.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 287920D558C9433199481CBD15038FBB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 005E99A189364955BF85212491152F25.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D737CCA9878D4d259E4DC4E8E1C9DABB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 272A9CAB1B174ecf9A93CB6574B194FA.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B92C4382151844a2848CFE8F1AA237EC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8415322DA0E413294270C8FABA072B9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 06FE4A010EE64c7eBD9C2B58CEE384C8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D79927C7139B46eb8906395789BB7F90.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 214E0E311E3E43a6B45B7812C5905FB5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C44C9092053341d7B135CFDC7076D58A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B00F79490DD34057AF8E547DD0173B1F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D1537E27C8044f98F2284336AF7A0CC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C111E76B7F7D42c19244AE32B8DD54E1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 253AC8AEB14A41cbA1DBF04F49758B3A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A187C4462B614b5aACE7EBFD5FB2A1C4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 887CA34766CA42fb89BC46512F301915.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C3C005DD9D9A4a11A0A12BDD0FA9ED78.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C7FCAAA5BD65427e84AC1A36FFADDA23.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 013973DC8B844781A0739BA3F5A688E1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3BEC45494BA24de0ADACA72729AE5F75.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32A7E371162F45f0A0BBE6CA30416552.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0EFA7E0B0F74326AF4D511F4A2A0AF6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69C8AF89F05F40cfBB8F2688A6C2497F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74520F597F89475cB481C66C552234F9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B96EA5ABC145477093913B0EA0DC46F8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAEB877F3B454c628117F4A566FEC602.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C62E8FC82137413297E43FFA31ACDF50.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0CC57FC3DBE14b299CC439F888A987F7.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8AAE0436E98646d1AE973913ED5D44BA.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E087F5E048DD4a2d9932616F22B46FD8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 468D9F60EF674a1594BAD19DB25D139A.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 454CF3D51A5743cc804E3922225DE4BC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 42FE402512F04133B0CC78680386CC99.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 85D53B43965A4192912946558816DC60.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 76FB487EE4604069B4C2C87AF41BBF43.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E6BF5ABC6A5E487886C64AFDCC669A1F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAD73E563ACB455f9B20FAE8131CDA0B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 26BB500838D7486aB844A97B38330494.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 769B61AFF9ED4612B40BA95D42A02237.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5218733DB2A04749BDFD1311224D5D21.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 06BD8199B8C44f78A1358A3B1F20D5E1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA627AF6918245ddA56767229FB680E6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4DBC421BD814173A09C36D2411C7AB2.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\32090abb95773d9bcc608e06c2f2fe19\BIT1075.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\32090abb95773d9bcc608e06c2f2fe19\BITE668.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c88e7a6b727c2c43b674b63d8e8e06cd\BITE658.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fa1b45665fb6cd947bc65dd2a6ca6751\BITD74A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b87f83eae6056e6b58affa01bdaabcf1\BITD729.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E5EC62B7D3944acd9702FC79FCBE2347.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6DF9036B8D674eaeADCB05F52171CEF3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 24189891209E4c9594CA4A88FC792773.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9c29319af383ce64fc9a8589a49f9ac7\BIT1A2B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\85e3c892f4e7261a4a10326a971ce2e5\BIT149F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4812683c098f296c4a4e4f0c5d3f20e\BIT84F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 369B3456A25E4dc3871C0A8F156FDE93.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F4C4CBD4C354bbaB78544BC250C3CEE.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AB2F36A2AAF34ead9D77E62447C748B6.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\aeb311e69e799a436e15556cb75ed49d\BITFF97.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\34f40659e4b64e23c2ca85762031ee08\BITF6B9.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c88e7a6b727c2c43b674b63d8e8e06cd\BITF699.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\70c0e7f75e272561ea4d92ce689d468b\BITF62A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 084A44056A7E4913B74585018AE5F694.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 654F990F14714fc9B05C7FD4FE066AFB.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 139D5324F6BB4b268AF0A18B4F488D5B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a95c34bf8be066a62e749cc8a8bafc7f\BITF60A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9c29319af383ce64fc9a8589a49f9ac7\BIT8F0D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\85e3c892f4e7261a4a10326a971ce2e5\BIT8EFC.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4812683c098f296c4a4e4f0c5d3f20e\BIT8EDC.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\aeb311e69e799a436e15556cb75ed49d\BIT8EBC.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a95c34bf8be066a62e749cc8a8bafc7f\BIT8E6D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1A5F173142D34a67A4111891EAB6DCB8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13254ECC656745629BFEE10ACC360556.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 97F8E425EF1542ee8AF946280A3AD46E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84CE55B0531143008ECDC89DE268830B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 37B97DC7C46C4757963E0F6AB03CF237.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C379C66DFCB4a3eB7E24D0787386F0B.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4BB56671E58439b9482DFEF43C55C06.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE909B5207504ede882EC5ABD2DBCAF8.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27E9DB038CD343239D07AF5AD0AC10AC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170321165837.cab",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4129FB4CCE1B41b9B759FE69410CC7F1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F3632E5819FC43e993B53F7D783A49F5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B6DA791D77942df980ABAFD52DCCA15.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9056D5B30C340e7A2074D0817828078.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4A7F34AC00747d2AA3AD2DF6A15911C.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 51052074A6B44ac18E7D0233725653A3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33F9933089BC41c78DC08480B138C417.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3B966F8B676F4521A7CD31DAE38CC391.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 531088CAC0E249f88164E2E28795DEAD.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 89AC0601DB3F4ec9B70E18F51A034DCF.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 46F50B799955458c9F7EBA6F310FE309.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E1FADC3D23134224AC03CD5FB2F06479.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\62d3.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\SysWOW64\SET2582.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\SysWOW64\SET2561.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\SysWOW64\SET2551.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\SysWOW64\SET2540.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\SET2501.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\SET24D1.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\SET24C0.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\SET24B0.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\drivers\SET249F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET2381.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET2380.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET237F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET236E.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET236D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET236C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET236B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET236A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET235A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET2359.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{5fb894b8-36d5-2d82-94a0-b94948115116}\SET2348.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET2342.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET2341.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET2340.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET232F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET232E.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET232D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET232C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET231C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET231B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET231A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{584ae23f-d392-49f5-35e5-523148cb1403}\SET2309.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\System32\drivers\SET217B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\SysWOW64\SET20AF.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\System32\SET20AE.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\System32\drivers\SET20AD.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\System32\drivers\SET1BEB.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\drivers\SET16E9.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{73d8b972-c278-0be0-89fa-966a13626201}\SET165F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{73d8b972-c278-0be0-89fa-966a13626201}\SET165E.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{73d8b972-c278-0be0-89fa-966a13626201}\SET165D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{2c2245cf-eb3c-5fa1-55ff-4b525546ab37}\SET164C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{2c2245cf-eb3c-5fa1-55ff-4b525546ab37}\SET164B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{2c2245cf-eb3c-5fa1-55ff-4b525546ab37}\SET164A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\drivers\SET14E6.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{05c0f925-26c9-63bd-e5e0-5530c67cb42a}\SET145C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{05c0f925-26c9-63bd-e5e0-5530c67cb42a}\SET145B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{05c0f925-26c9-63bd-e5e0-5530c67cb42a}\SET145A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{1745309a-219b-0c07-18d1-74410b88dc01}\SET1455.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{1745309a-219b-0c07-18d1-74410b88dc01}\SET1445.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{1745309a-219b-0c07-18d1-74410b88dc01}\SET1444.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{6f59c5b9-4339-6d9e-08b0-0630b245df4a}\SET1314.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{6f59c5b9-4339-6d9e-08b0-0630b245df4a}\SET1304.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{6f59c5b9-4339-6d9e-08b0-0630b245df4a}\SET1303.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{39781bf7-2f67-6f0f-5a33-cc694c435404}\SET12BD.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{39781bf7-2f67-6f0f-5a33-cc694c435404}\SET12BC.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{39781bf7-2f67-6f0f-5a33-cc694c435404}\SET12AB.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{34c1c4f8-c3dd-5a29-b259-274559d91843}\SET1140.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{34c1c4f8-c3dd-5a29-b259-274559d91843}\SET113F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{34c1c4f8-c3dd-5a29-b259-274559d91843}\SET112F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{6f51baaa-18b1-2a6d-ec94-225d2911a630}\SET10D6.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{6f51baaa-18b1-2a6d-ec94-225d2911a630}\SET10D5.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{6f51baaa-18b1-2a6d-ec94-225d2911a630}\SET10D4.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\SysWOW64\SET5FA.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\System32\SET5F9.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\System32\drivers\SET5F8.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\drivers\SET32B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{36e136a5-a349-403f-e609-4c29f45c4d17}\SET2A0.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{36e136a5-a349-403f-e609-4c29f45c4d17}\SET29F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{36e136a5-a349-403f-e609-4c29f45c4d17}\SET29E.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{1d681274-9814-05b5-8495-46127911ad54}\SET291.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{1d681274-9814-05b5-8495-46127911ad54}\SET290.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\MsiExec.exe","C:\Windows\Temp\{1d681274-9814-05b5-8495-46127911ad54}\SET28F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PS_SCHM.GDL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT.NTF",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPS.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPS.INI",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT.HLP",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPS.PPD",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PS5UI.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT5.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETD7.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETC6.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETC5.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETC4.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETC3.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETB3.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETB2.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{D1FAF2BF-729D-4998-910E-C64258B64990}\SETB1.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIsve.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIita.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUItha.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIrus.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIptb.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIplk.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIkor.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIjpn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIhun.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIfra.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIesn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIell.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIdeu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIcsy.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIcht.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUIchs.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPOG.chm",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPOG.bin",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPrnUI.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TPPRN.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\prtprocs\x64\1\SET52.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET51.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET50.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET3F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET3E.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET3D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET3C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET3B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET3A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET2A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET29.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET28.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET27.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET26.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET25.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET24.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET13.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET12.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET2.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET1.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{0822C32A-B1EE-4ABE-BE63-EDB9A393CF8F}\SET1.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\vmGuestLibJava.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\vmGuestLib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\vmGuestLibJava.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\vmGuestLib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\caf_RemoteCommandProvider_1_0_0.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ConfigProvider.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\RemoteCommandProvider.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\setUpVgAuth.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\rabbitmq.4.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegrationSubsys.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\installProviderHeader.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-log4cpp_config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ConfigProvider.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\is-listener-running.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\start-listener.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\RemoteCommandProvider.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\7za.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\caf_ConfigProvider_1_0_0.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\providerFx-appconfig",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\cafTestInfra_CafTestInfraProvider_1_0_0.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\caf_InstallProvider_1_0_0.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\IntBeanConfigFile.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\caf_ConfigProvider_1_0_0.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ProviderFx.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\vgauth.conf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\caf-dbg.ps1",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-context-tunnel.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\is-ma-running.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\providerFx-log4cpp_config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\stop-listener.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\TestInfraProvider.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ProviderFx.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegrationSubsys.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-context-common.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\log4cpp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\intl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\tearDownVgAuth.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\iconv.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\TestInfraProvider.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\vgAuth.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\start-ma.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\glib-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-context-amqp.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\pcre.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\GuidGen.vbs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\stop-ma.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\caf_RemoteCommandProvider_1_0_0.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\start-VGAuthService.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\invokers\cafTestInfra_CafTestInfraProvider_1_0_0.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\CommAmqpListener-appconfig",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\data\input\providerReg\caf_InstallProvider_1_0_0.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommIntegrationSubsys.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\InstallProvider.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\ma-context.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\ma-appconfig",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\ma-log4cpp_config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\install\postInstall.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\config\cafenv-appconfig",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware CAF\pme\scripts\stop-VGAuthService.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpIntegration.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\InstallProvider.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\gthread-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommIntegrationSubsys.dll.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPWinPrn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMW32.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonUIjpn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonUIdeu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMonjpn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMondeu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPVMMon.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPVCGatewaydeu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPVCGateway.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\TPSvc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\tprdpw32.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\amd64\TPPS.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\amd64\TPPS.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\amd64\TPPS.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\tpps.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUItha.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIsve.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIrus.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIptb.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIplk.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIkor.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIjpn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIita.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIhun.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIfra.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIesn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIell.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIdeu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIcsy.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIcht.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUIchs.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrnUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPPrn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\tpprint.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPOG.HLP",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPOG.chm",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\amd64\TPOG.bin",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOGPS\OEMPRINT.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\Virtual Printer\TPOG3\OEMPRINT.INF",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\win7gadgets.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\vmwarefilters.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\visualstudio2005.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\vistasidebar.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\unity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\microsoftoffice.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\googledesktop.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\adobephotoshopcs3.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\Unity Filters\adobeflashcs3.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VmUpgradeHelper.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\vmtray.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\vmbackup.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\vix.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\timeSync.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\thinprint.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\resolutionSet.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\powerOps.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\hwUpgradeHelper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\hgfsUsability.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\hgfsUsability.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\common\hgfsServer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\guestInfo.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\grabbitmqProxy.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\dndcp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\diskWiper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\disableGuestHibernate.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmusr\desktopEvents.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\desktopEvents.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\deployPkgPlugin.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\bitMapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoUpgrade.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\plugins\vmsvc\autoLogon.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\zip.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareXferlogs.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareResolutionSet.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareNamespaceCmd.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareHostOpen.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMToolsHookProc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMToolsHook64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMToolsHook.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\vmtoolsd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vmtools.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win64\vmGuestLibJava.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win32\vmGuestLibJava.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win64\vmGuestLib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\win32\vmGuestLib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vm-support.vbs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_TW\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\zh_CN\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ko\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\ja\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\it\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\fr\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\es\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\messages\de\toolboxcmd.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\suspend-vm-default.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\ssleay32.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\sigc-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\rpctool.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\resume-vm-default.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\poweron-vm-default.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\poweroff-vm-default.bat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\pcre.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\openssl.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\open_source_licenses.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\libeay32.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\intl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\icudt44l.dat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\iconv.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\hgfs.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\guestproxycerttool.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware Tools\guestproxy-ssl.conf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gthread-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gobject-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gmodule-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\glib-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\gio-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\deployPkg.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vss\VCBSnapshotProvider.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vss\comreg.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3ver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmxnet3\Vista\vmxnet3.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum64_10.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum_10.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dum.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dmp.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dgl64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3dgl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3ddevapi64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3ddevapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3d.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\video_wddm\Vista\vm3d.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsockver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsocklib_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsocklib_x64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsock.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsock.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\Vista\vsock.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmciver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\vmciver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\sockets\include\vmci_sockets.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmci.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmci.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\vmci\device\Vista\vmci.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsiver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsi.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsi.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\pvscsi\Vista\pvscsi.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmousever.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmouse.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmouse.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmusbmouse.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmousever.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmouse.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmouse.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\mouse\Vista\vmmouse.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctlver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctl.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctl.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\memctl\Vista\vmmemctl.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMwareHgfsClient.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfsver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs_x64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\Drivers\hgfs\Vista\vmhgfs.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdskver.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdsk.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdsk.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\rawdsk\Vista\vmrawdsk.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\vmacthlp.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudiover.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudio.sys",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudio.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\Common Files\VMware\Drivers\audio\Vista\vmaudio.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_TW\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_CN\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ko\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ja\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\it\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\fr\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\es\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\en\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\de\VGAuthService.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_TW\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_CN\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ko\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ja\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\it\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\fr\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\es\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\en\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\de\VGAuthLib.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_TW\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\zh_CN\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ko\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\ja\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\it\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\fr\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\es\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\en\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\ProgramData\VMware\VMware VGAuth\msgCatalogs\messages\de\VGAuthCli.vmsg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\xml.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\xerces-c_3_1.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gobject-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcreposix.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gthread-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VMWSU_V1_0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema.dtd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gio-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\xmldsig-core-schema.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuth.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\xsec_1_6.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\libeay32.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\glib-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\gmodule-2.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\datatypes.dtd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema-instance.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VMwareAliasImport.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\catalog.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\vmtools.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\xenc-schema.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\ssleay32.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\iconv.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthCLI.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\saml-schema-assertion-2.0.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\schemas\XMLSchema-hasFacetAndProperty.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcrecpp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\intl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\rvmSetup.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files\VMware\VMware Tools\install-rvmSetup.cmd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr71.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\mfc71u.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\mfc71.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\61ce.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Windows\Temp\vmware-SYSTEM\VMwareToolsUpgrader.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Hyphenation_en\Windows6.3-KB2849697-x86.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Hyphenation_en\Windows6.3-KB2849697-x86-pkgProperties.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Hyphenation_en\Windows6.3-KB2849697-x86.cab",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Hyphenation_en\WSUSSCAN.cab",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Spelling_en\Windows6.3-KB2849696-x86.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Spelling_en\Windows6.3-KB2849696-x86-pkgProperties.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Spelling_en\Windows6.3-KB2849696-x86.cab",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\Spelling_en\WSUSSCAN.cab",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\SetupDownloadList.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\HardwareBlockingList.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\NrPolicy.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\iexplore.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\ienrcore.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\ieudinit.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\trustedinstaller.exe.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\NrPolicy.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17514.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17514.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17105.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17105.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17077.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.17077.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.16562.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7601.16562.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17105.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17105.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17077.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17077.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.16562.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.16562.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7600.16385.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7600.16385.cat",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\IE11-Windows6.1-x64-en-us.exe","C:\Windows\Temp\IE12885.tmp\IE11-support\ieinfra.manifest",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13f74.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\zzz_system.windows.forms.datavisualization.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\zzz_system.windows.forms.datavisualization.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XsdBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XsdBuildTask.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\XsdBuildTask.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XsdBuildTask.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\XamlBuildTask.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpf-etw.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WorkflowServiceHostPerformanceCounters.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Workflow.VisualBasic.Targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Workflow.VisualBasic.Targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Workflow.Targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Workflow.Targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wminet_utils_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WMINet_Utils.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wminet_utils_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardProviderInfo.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardProviderInfo.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardProviderInfo.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardProviderInfo.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardPermission.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardPermission.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WizardPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WizardPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardInit.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardInit.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardFinish.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardFinish.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardFinish.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardFinish.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardCreateRoles.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardCreateRoles.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardCreateRoles.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardCreateRoles.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardAuthentication.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardAuthentication.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAddUser.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardAddUser.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardAddUser.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAddUser.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizard.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizard.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsFormsIntegration_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsFormsIntegration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsFormsIntegration_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmationNoButtonRow.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmationNoButtonRow.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmation.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminWithConfirmation.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminStyles.css",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminStyles.css",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WebAdminPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WebAdminPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoNavBar.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoNavBar.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoButtonRow.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoButtonRow.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Security.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Security.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Provider.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Provider.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Internals.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Internals.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Application.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Application.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminButtonRow.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdminButtonRow.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\web.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\web.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdmin.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\webAdmin.master",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_minimaltrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_minimaltrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_minimaltrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_minimaltrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_mediumtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_mediumtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_mediumtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_mediumtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_lowtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_lowtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_lowtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_lowtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_hightrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web_hightrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_hightrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web_hightrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config.comments",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config.comments",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.rsp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.rsp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallWebEventSqlProvider.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallWebEventSqlProvider.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallSqlStateTemplate.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallSqlStateTemplate.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallRoles.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallRoles.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UnInstallProfile.SQL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UnInstallProfile.SQL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallPersonalization.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallPersonalization.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallPersistSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallPersistSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallMembership.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallMembership.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\UninstallCommon.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallCommon.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationTypes_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationTypes.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationTypes_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationProvider_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationProvider.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationProvider_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationClientsideProviders_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClientsideProviders.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationClientsideProviders_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationClient_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\UIAutomationClient_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\ucbrowser.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\ucbrowser.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\Tracking_Schema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\Tracking_Logic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\TLBREF.DLL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Windows_Presentation_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Windows_Presentation_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Windows_Input_Manipulations_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Windows_Input_Manipulations_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_windows_forms_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_windows_forms_tlb_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_web_services_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_web_services_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.RegularExpressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Mobile.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_transactions_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Transactions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_transactions_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_tlb_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_serviceprocess_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceProcess.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_serviceprocess_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_runtime_serialization_formatters_soap_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_runtime_serialization_formatters_soap_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.context.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Context\v4.0_4.0.0.0__b77a5c561934e089\System.Reflection.context.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.context.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_numerics_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_numerics_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.WebRequest.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.WebRequest\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.WebRequest.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.WebRequest.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_messaging_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Messaging.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_messaging_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_management_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_management_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.FileSystem.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.FileSystem.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Compression.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Compression.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Wrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_tlb_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_thunk_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Thunk.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_thunk_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_wrapper_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_wrapper_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_enterpriseservices_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_drawing_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_drawing_tlb_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_device_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Device.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_device_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.OracleClient.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_configuration_install_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.Install.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_configuration_install_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Caching.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XDocument.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XDocument\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XDocument.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XDocument.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Xml.Serialization.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Xml.Serialization.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.ReaderWriter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.ReaderWriter\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.ReaderWriter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.ReaderWriter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.xml.linq.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.xml.linq.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.Hosting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.WorkflowServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Windows.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Routing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Web.ApplicationServices.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Web.ApplicationServices.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Abstractions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Timer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Timer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Timer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Timer.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Tasks.Parallel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.Parallel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.Parallel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.Tasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Tasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Threading.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.RegularExpressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.RegularExpressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.RegularExpressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.Encoding.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Text.Encoding.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Text.Encoding.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Web.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Security.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Security.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Security.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Routing.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Routing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Routing.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.NetTcp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.NetTcp\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.NetTcp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.NetTcp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Internals.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Internals.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Http.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Http.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Http.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Duplex.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Duplex\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceModel.Duplex.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Duplex.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Discovery.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Discovery.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Discovery.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Channels.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Channels.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Channels.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Activities.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.Activities.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.Principal.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security.Principal\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.Principal.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.Principal.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Numerics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Numerics\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Numerics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Numerics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.WindowsRuntime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.InteropServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.InteropServices.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.DurableInstancing.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.DurableInstancing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.DurableInstancing.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Resources.ResourceManager.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Resources.ResourceManager\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Resources.ResourceManager.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Resources.ResourceManager.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Extensions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Extensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.Lightweight.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.Lightweight\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.Lightweight.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.Lightweight.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.ILGeneration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit.ILGeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.ILGeneration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.ILGeneration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.Emit.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Emit\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.Emit.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.Emit.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Reflection.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Reflection.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Reflection.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Printing_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Printing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Printing_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ObjectModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ObjectModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ObjectModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ObjectModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Requests.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Requests\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Requests.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Requests.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Primitives.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.NetworkInformation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.NetworkInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.NetworkInformation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.NetworkInformation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.Http.Rtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.Rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.Rtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.Http.Rtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.management.instrumentation.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Management.Instrumentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.management.instrumentation.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Queryable.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Queryable\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Queryable.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Queryable.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Parallel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Parallel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Parallel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Parallel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.Expressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq.Expressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.Expressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Expressions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.IO.Log.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.Log.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.IO.Log.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IO.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Services\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.IdentityModel.Selectors.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Selectors.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.IdentityModel.Selectors.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Globalization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Globalization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Globalization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.Runtime.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.dynamic.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Dynamic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.dynamic.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.directoryservices.accountmanagement.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.AccountManagement.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.directoryservices.accountmanagement.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tracing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tools.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tools.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Debug.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Debug.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Debug.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Contracts.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Contracts.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.services.client.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Client.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.services.client.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Linq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.entity.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.entity.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.Design.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.datasetextensions.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.DataSetExtensions.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.datasetextensions.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.EventBasedAsync.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.EventBasedAsync\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.EventBasedAsync.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.EventBasedAsync.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.componentmodel.dataannotations.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.DataAnnotations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.componentmodel.dataannotations.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.componentmodel.composition.registration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.Registration\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.Registration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\system.componentmodel.composition.registration.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.componentmodel.composition.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Composition.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.componentmodel.composition.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Annotations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Annotations\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ComponentModel.Annotations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.Annotations.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Collections.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Collections.Concurrent.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Concurrent\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.Concurrent.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Collections.Concurrent.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.addin.contract.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.Contract.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.addin.contract.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.Presentation.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.Presentation.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.DurableInstancing.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.DurableInstancing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.DurableInstancing.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.Core.Presentation.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Core.Presentation.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Activities.Core.Presentation.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sysglobl_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sysglobl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sysglobl_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreSchemaUpgrade.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreSchemaUpgrade.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlPersistenceProviderSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceProviderSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlPersistenceProviderLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceProviderLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Speech_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Speech.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Speech_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\sortdefault.nlp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sortdefault.nlp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\SmtpSettings.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\SmtpSettings.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\SmtpSettings.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\SmtpSettings.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SMSvcHost.exe.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SMSvcHost.exe.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SMDiagnostics.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SMDiagnostics.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\SetupUtility.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\setUpAuthentication.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\setUpAuthentication.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelRegUI.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelRegUI.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelRegUI.dll.mui.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelRegUI.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelRegUI.dll.mui.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelRegUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelRegUI.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelPerformanceCounters.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelPerformanceCounters.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelPerformanceCounters.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelPerformanceCounters.dll.mui.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelPerformanceCounters.dll.mui.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelPerformanceCounters.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelInstallRC.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelInstallRC.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelInstallRC.dll.mui.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelInstallRC.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelInstallRC.dll.mui.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelInstallRC.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelEvents.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\ServiceModelEvents.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelEvents.dll.mui.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelEvents.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelEvents.dll.mui.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelEvents.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MOF\ServiceModel.mof",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MOF\ServiceModel.mof",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\SecurityPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\SecurityPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\security0.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\security0.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\security0.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security0.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\security.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\security.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sbsnclperf_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SbsNclPerf.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sbsnclperf_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\safari.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\safari.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regtlibv12_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regtlibv12_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regsvcs_exe_config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regsvcs_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regsvcs_exe_config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regsvcs_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regasm_exe_config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regasm_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regasm_exe_config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\regasm_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ReachFramework_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ReachFramework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ReachFramework_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ProvidersPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ProvidersPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\ProviderList.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\providerList.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\providerList.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ProviderList.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationUI_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationUI_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationNative_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationNative_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_x86.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_amd64.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXmlLinq.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemXml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemXml.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemDrawing\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemDrawing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemDrawing.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemData.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Royale_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Royale.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Royale_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Luna_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Luna.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Luna_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Classic_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Classic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Classic_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.AeroLite.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.AeroLite\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.AeroLite.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.AeroLite.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Aero_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.Aero.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework.Aero_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationBuildTasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounters.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounters.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\perfcounter_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\perfcounter_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\PasswordValueTextBox.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\PasswordValueTextBox.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\opera.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\opera.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normalization_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\normalization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normalization_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NlsLexicons0009_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsLexicons0009.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NlsLexicons0009_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NlsData0009_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsData0009.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NlsData0009_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ngen_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ngen_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\netmemorycache.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\netmemorycache.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\netmemorycache.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\netmemorycache.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1055.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_trk.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1053.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_sve.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1049.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_rus.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.2070.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_ptg.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1046.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_ptb.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1045.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_plk.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1044.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_nor.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1043.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_nld.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1042.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_kor.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1041.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_jpn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1040.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_ita.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1038.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_hun.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1037.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_heb.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1036.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_fra.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1035.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_fin.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.3082.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_esn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1033.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_enu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1032.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_ell.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1031.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_deu.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1030.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_dan.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1029.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_csy.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1028.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_cht.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.2052.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_chs.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.1025.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair_ara.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\NETFXRepair.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NETFXRepair.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Migration\WTR\netfx45_upgradecleanup.inf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\NetFx45_IIS_schema_update.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\NetFx45_IIS_schema_update.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\NetFx40_IIS_schema_update.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\NetFx40_IIS_schema_update.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\watermark.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\warn.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\UiInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\SysReqNotMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\SysReqMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Strings.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\stop.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\sqmapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\SplashScreen.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\SetupUi.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\SetupUi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\SetupEngine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Setup.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Setup.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Save.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate8.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate7.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate6.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate5.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate4.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate3.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate2.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Rotate1.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Graphics\Print.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\ParameterInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1055\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1053\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1049\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\2070\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1046\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1045\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1044\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1043\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1042\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1041\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1040\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1038\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1037\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1036\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1035\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\3082\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1033\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1032\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1031\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1030\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1029\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1028\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\2052\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1025\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1055\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1053\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1049\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\2070\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1046\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1045\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1044\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1043\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1042\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1041\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1040\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1038\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1037\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1036\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1035\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\3082\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1033\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1032\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1031\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1030\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1029\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1028\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\2052\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1025\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\header.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\DisplayIcon.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\DHtmlHeader.html",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\NavigationBar.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\NavigationBar.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\navigationBar.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\navigationBar.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NaturalLanguage6_x86.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NaturalLanguage6.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\NaturalLanguage6_amd64.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr120_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr120_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr100_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr100_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcr110_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcr110_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcp120_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcp120_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\msvcp110_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\msvcp110_clr0400.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsvw_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsvw_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsvc_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsvc_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsn.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsecr_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MUI\0409\mscorsecr.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsecr_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsecimpl_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsecimpl.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorsecimpl_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorrc_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorrc_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorpehost_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorpehost_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorpe_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpe.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorpe_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorlib_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscoreeis_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreeis.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscoreeis_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscoree_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscoree_tlb_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.rsp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.rsp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MmcAspExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualc_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.Dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualc_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualbasic_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualbasic_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualbasic_compatibility_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualbasic_compatibility_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualbasic_compatibility_data_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_visualbasic_compatibility_data_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_jscript_tlb_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.tlb",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_jscript_tlb_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild\Microsoft.Build.Core.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild\Microsoft.Build.Core.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild\Microsoft.Build.Commontypes.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild\Microsoft.Build.Commontypes.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Xaml.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Xaml.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.WorkflowBuildExtensions.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.WorkflowBuildExtensions.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.WinFx.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.WinFx.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\Microsoft.Windows.ApplicationServer.Applications.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll.mui.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\Microsoft.Windows.ApplicationServer.Applications.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll.mui.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.45.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.45.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Transactions.Bridge.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Transactions.Bridge.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Microsoft.Transactions.Bridge.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.ServiceModel.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.ServiceModel.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.NETFramework.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.NETFramework.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.NETFramework.props",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.NETFramework.props",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Internal.Tasks.Dataflow\v4.0_4.0.0.0__b77a5c561934e089\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Internal.Tasks.Dataflow.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Data.Entity.Build.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.CSharp.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft.csharp.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.CSharp.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft.csharp.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.Tasks",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.Tasks",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.targets",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Common.OverrideTasks",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Common.OverrideTasks",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Engine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Activities.Build.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Activities.Build.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Activities.Build.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\manageUsers.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\manageUsers.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\manageUsers.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\manageUsers.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\manageSingleRole.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageSingleRole.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageSingleRole.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\manageSingleRole.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\manageProviders.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\manageProviders.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources\managePermissions.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources\managePermissions.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\manageconsolidatedProviders.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\manageconsolidatedProviders.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ManageAppSettings.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ManageAppSettings.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\manageAllRoles.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageAllRoles.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageAllRoles.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\manageAllRoles.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config.comments",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.comments",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\locale.nlp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\locale.nlp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_minimaltrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_minimaltrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_minimaltrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_minimaltrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_mediumtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_mediumtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_mediumtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_mediumtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_lowtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_lowtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_lowtrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_lowtrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_hightrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_hightrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_hightrust.config.default",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_hightrust.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\jsc.exe.config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\jsc.exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\jsc.exe.config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\jsc.exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\isymwrapper_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ISymWrapper.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\isymwrapper_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\iphone.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\iphone.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallWebEventSqlProvider.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallWebEventSqlProvider.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\installutillib_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtilLib.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\installutillib_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\installutil_exe_config_client_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\installutil_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\installutil_exe_config_client_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\installutil_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallSqlStateTemplate.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallSqlStateTemplate.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallRoles.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallRoles.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallProfile.SQL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallProfile.SQL",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallPersonalization.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallPersonalization.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallPersistSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallPersistSqlState.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallMembership.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallMembership.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallCommon.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallCommon.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\iemobile.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\iemobile.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\ie.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\ie.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home2.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home2.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home1.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home1.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home0.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home0.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\Fonts\GlobalUserInterface.CompositeFont",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\Fonts\GlobalUserInterface.CompositeFont",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\GlobalResources.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\GlobalResources.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\generic.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\generic.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\gateway.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\gateway.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\fusion_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\fusion_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\FileTrackerUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\firefox.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\firefox.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\findUsers.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\findUsers.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\findUsers.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\findUsers.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\eventlogmessages_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\eventlogmessages_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\3082\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\2070\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\2052\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1055\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1053\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1049\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1046\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1045\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1044\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1043\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1042\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1041\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1040\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1038\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1037\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1036\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1035\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1033\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1032\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1031\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1030\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1029\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1028\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\1025\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\error.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\error.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\error.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\error.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\editUser.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\editUser.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\EditAppSetting.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\EditAppSetting.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dv_aspnetmmc.chm",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dv_aspnetmmc.chm",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\DropSqlWorkflowInstanceStoreSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\DropSqlWorkflowInstanceStoreSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\DropSqlWorkflowInstanceStoreLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\DropSqlWorkflowInstanceStoreLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\DropSqlPersistenceProviderSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\DropSqlPersistenceProviderSchema.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\DropSqlPersistenceProviderLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\DropSqlPersistenceProviderLogic.sql",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\diasymreader_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\diasymreader_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfsvc_exe_config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfsvc_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfsvc_exe_config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfsvc_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\en-US\dfshim.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfshim_dll_mui.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\en-US\dfshim.dll.mui",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfshim_dll_mui.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\DefineErrorPage.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DefineErrorPage.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DefineErrorPage.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\DefineErrorPage.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\DefaultWsdlHelpGenerator.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\DefaultWsdlHelpGenerator.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\Default.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\Default.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\default.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\default.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\default.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\default.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\DebugAndTrace.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DebugAndTrace.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DebugAndTrace.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\DebugAndTrace.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cvtresui_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\CvtResUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cvtresui_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cvtres_exe_config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cvtres_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cvtres_exe_config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cvtres_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\custommarshalers_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CustomMarshalers.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\custommarshalers_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.rsp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.rsp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cscompui.dll_x86_enu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\cscui.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\cscompui.dll_amd64_enu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\csc.exe.config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\csc.exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\csc.exe.config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\csc.exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources\createPermission.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources\createPermission.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\CreateAppSetting.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\CreateAppSetting.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\corperfmonsymbols.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\corperfmonsymbols.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\corperfmonext_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\corperfmonext_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\confirmation.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\confirmation.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\confirmation.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\confirmation.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clretwrc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clretwrc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrcompression.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrcompression.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CLR-ETW.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CLR-ETW.man",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\chooseProviderManagement.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\chooseProviderManagement.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\caspol_exe_config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\caspol_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\caspol_exe_config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\caspol_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\Windows6.1-KB958488-v6001-x64.msu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\NetFx_Full_LDR.mzz",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\NetFx_Full_LDR_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\NetFx_Full_GDR.mzz",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\NetFx_Full_GDR_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\blackberry.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\blackberry.browser",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ThirdPartyNotices.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ThirdPartyNotices.txt",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AspNetMMCExt.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state_perf.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state_perf.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state_perf.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state_perf.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_perf2.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_perf2.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_perf.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_perf.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_perf.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_perf.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet.mof",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet.mof.uninstall",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.mof.uninstall",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.mof",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\SysWOW64\aspnet_counters.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\System32\aspnet_counters.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet.config",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\AppSetting.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppSetting.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppSetting.ascx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\AppSetting.ascx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ApplicationConfigurationPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ApplicationConfigurationPage.cs",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\applaunch_exe_config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\applaunch_exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\applaunch_exe_config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\applaunch_exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\AppConfigHome.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppConfigHome.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppConfigHome.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\AppConfigHome.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\AppConfigCommon.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\AppConfigCommon.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\alinkui.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\alinkui.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\alinkui.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\alink.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\alink.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\alink.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\adonetdiag_mof_uninstall_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\adonetdiag_mof_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\adonetdiag_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\adonetdiag_mof_uninstall_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\adonetdiag_mof_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\adonetdiag_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\addUser.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\addUser.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\addUser.aspx.resx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\addUser.aspx",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinutil.exe.config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinutil.exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinutil.exe.config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinutil.exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess32.exe.config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess32.exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess32.exe.config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess32.exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess.exe.config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess.exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess.exe.config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\addinprocess.exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\accessibility_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\accessibility_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_TransactionBridgePerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_TransactionBridgePerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_SMSvcHostPerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_SMSvcHostPerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_Networkingperfcounters_v2.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_Networkingperfcounters_v2.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_NetworkingPerfCounters_v2.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_NetworkingPerfCounters_v2.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_Networkingperfcounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_Networkingperfcounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_dataperfcounters_shared12_neutral.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_DataPerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_DataPerfCounters.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.ini",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.h",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_030_vbc7ui.dll_x86_enu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\vbc7ui.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_030_vbc7ui.dll_amd64_enu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_027_Microsoft.VisualBasic.Activities.CompilerUI.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_027_Microsoft.VisualBasic.Activities.CompilerUI.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_020_Microsoft.VisualBasic.Activities.Compiler.dll.x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_020_Microsoft.VisualBasic.Activities.Compiler.dll.amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d81.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BD59.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\BD5A.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_LDR.mzz",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_GDR.mzz",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Windows6.1-KB958488-v6001-x86.msu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Windows6.1-KB958488-v6001-x64.msu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Windows6.0-KB956250-v6001-x86.msu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Windows6.0-KB956250-v6001-x64.msu",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\sqmapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\SetupUi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1043\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1038\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\2070\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1049\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1046\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1045\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1040\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1055\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1053\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1044\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1037\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1041\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1042\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1032\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1036\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\3082\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1031\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1035\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1029\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1030\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1033\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1025\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1028\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\2052\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\SetupEngine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\SetupUtility.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Setup.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\3082\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\2070\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\2052\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1053\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1055\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1049\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1046\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1045\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1044\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1042\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1043\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1041\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1040\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1038\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1037\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1036\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1035\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1033\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1032\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1031\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1029\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1030\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1028\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1025\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\DHtmlHeader.html",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\SetupUi.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\UiInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Strings.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\ParameterInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1055\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1049\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1053\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\2070\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1046\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1045\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1043\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1044\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1041\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1042\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1038\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1040\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1036\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1037\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\3082\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1035\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1032\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1033\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1031\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1030\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1029\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1028\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\2052\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\1025\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\warn.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\SysReqNotMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\SysReqMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\stop.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Setup.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Save.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate8.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate7.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate6.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate5.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate4.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate3.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate2.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Rotate1.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\Graphics\Print.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\DisplayIcon.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\watermark.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\SplashScreen.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\header.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_LDR_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\NetFx451\netfx_Full_LDR_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_LDR_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\NetFx451\netfx_Full_LDR_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_GDR_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\NetFx451\netfx_Full_GDR_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_Full_GDR_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\NetFx451\netfx_Full_GDR_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_extended_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_extended_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_core_x86.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe","C:\26cb36d3b0c2503e624a16031cbf77\netfx_core_x64.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A6FB.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A5D1.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F706FC48611F4300810D01B457BF11F3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 333983A932EA41b5BA9161A82568D37D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 661AA4FC922D45dd972BC15A14C04A48.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1A33.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\CD0C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7DA697B91AF4168AEB303DB3525A4B1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6BF01FAEE2A341db8560309CB4CBAE39.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C337115F8EF54929A97803326E236672.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\98B2.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\b5786273-786b-4ae8-b343-08e7fb79eaf2\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5E51.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\bdfaffaa-cca6-4469-85a6-a2aef9373ef1\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\306D.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\306C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\303C.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\302B.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\2F8E.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d80.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MOHQ65U4KCG57D0WLOT1.temp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\bdfaffaa-cca6-4469-85a6-a2aef9373ef1\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\bdfaffaa-cca6-4469-85a6-a2aef9373ef1\index-dir\temp-index",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F026E4278C964a6f8D956833BD5B40A1.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.net.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Net.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.net.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.core.dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.core.dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\vbc.exe.config_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_023_vbc.exe_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\vbc.exe.config_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\_023_vbc.exe_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 090103DE7C864113845ED1B8FAA186C5.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 605DD5FAD73E4393AFA263C058321B13.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1EA7AC8E4FEE4cadBC7A9C6E3992F901.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9C786EAAD304662B187B851A093D343.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d76.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8D664E7362DE4080B5217A005B98AF39.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\NDP40-KB2468871.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\sqmapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\SetupUi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1043\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\3082\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\2070\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1049\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1038\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1036\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1046\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1045\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1040\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1055\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1053\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1044\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1037\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1041\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1042\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\3076\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\2052\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1028\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1032\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1031\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1035\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1030\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1029\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1033\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1025\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\SetupEngine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Setup.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1044\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1043\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\3082\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\3076\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1045\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\2070\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\2052\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1055\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1053\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1049\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1046\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1042\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1041\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1038\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1037\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1035\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1040\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1032\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1028\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1036\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1030\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1033\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1031\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1029\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1025\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\DHtmlHeader.html",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\SetupUi.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\UiInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Strings.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\ParameterInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1032\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1031\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1036\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1038\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1049\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\2070\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\3082\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1045\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1040\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1043\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1029\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1046\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1044\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1055\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1030\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1035\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1053\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1025\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1037\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1041\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1042\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\3076\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1028\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\2052\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\1033\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\warn.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\SysReqNotMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\SysReqMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\stop.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Setup.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Save.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate8.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate7.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate6.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate5.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate4.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate3.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate2.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Rotate1.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\Graphics\Print.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\watermark.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\SplashScreen.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe","C:\d4970300a53f1597f9d5858ca9\header.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d72.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\MicrosoftFixit50736.exe","C:\Windows\Temp\MicrosoftFixit50736.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B24444413D574bd392AA3E065F8B59B3.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4380B2F083E4b01985A26396233B709.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0304DDA1C65B4bf4A665AE0BD5337A14.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 449A8812132E40c9857776E2B7799E02.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 714DF52EBCAE4bb391B4D5730CD997E4.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 027E56ED4AB74e138F9592BBB7C74713.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7518F07978145fc9577BD83FCE663CC.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d71.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7F6D075784B4481878184E3921AD077.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A3E7BCBB31024e5889BC143036852DA9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_data_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_data_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscoreei_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscoreei_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\locale.nlp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\locale.nlp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\locale_nlp_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\culture_dll_x86",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\locale_nlp_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\culture_dll_amd64",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT6A6F.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Internet Explorer\iexplore.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3112MBJ8Q22DE0QHQEFT.temp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d65.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\warn.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\stop.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\SysReqNotMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\SysReqMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Setup.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Save.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate8.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate7.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate6.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate5.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate4.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate3.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate2.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Rotate1.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Graphics\Print.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\3082\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\3082\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\3082\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\3076\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\3076\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\3076\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\2070\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\2070\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\2070\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\2052\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\2052\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\2052\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1055\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1055\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1055\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1053\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1053\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1053\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1049\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1049\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1049\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1046\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1046\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1046\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1045\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1045\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1045\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1044\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1044\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1044\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1043\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1043\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1043\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1042\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1042\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1042\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1041\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1041\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1041\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1040\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1040\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1040\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1038\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1038\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1038\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1037\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1037\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1037\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1036\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1036\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1036\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1035\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1035\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1035\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1033\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1033\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1033\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1032\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1032\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1032\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1031\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1031\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1031\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1030\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1030\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1030\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1029\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1029\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1029\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1028\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1028\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1028\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1025\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1025\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\1025\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\NDP40-KB2533523.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\ParameterInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\SplashScreen.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Strings.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\UiInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\header.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\watermark.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\sqmapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\SetupUi.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\SetupUi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\SetupEngine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\Setup.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2533523-x64.exe","C:\39d4dfee6af552645510\DHtmlHeader.html",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC9A2D131C9644d4B41900BCFC17E63D.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20070\BIT4AED.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84074625B9A34d738D5494785DD8170E.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5A2FBEC0F9CF4fa0A86CAC2800F73463.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d61.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\MicrosoftFixit50736.exe","C:\Windows\Temp\MicrosoftFixit50736.msi",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d60.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT4B95.tmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4CB6DB8BA537498c95DCEF2D9CB6074F.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EFBF4FDED5F3423a8E9908691EA270C9.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B6522866EFD04ade9B0ED5F4E0DC6B71.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\42e13d5c.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\warn.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\stop.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\SysReqNotMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\SysReqMet.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Setup.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Save.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate8.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate7.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate6.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate5.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate4.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate3.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate2.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Rotate1.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Graphics\Print.ico",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\3082\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\3082\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\3082\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\3076\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\3076\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\3076\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\2070\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\2070\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\2070\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\2052\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\2052\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\2052\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1055\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1055\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1055\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1053\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1053\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1053\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1049\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1049\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1049\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1046\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1046\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1046\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1045\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1045\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1045\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1044\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1044\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1044\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1043\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1043\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1043\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1042\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1042\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1042\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1041\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1041\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1041\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1040\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1040\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1040\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1038\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1038\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1038\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1037\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1037\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1037\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1036\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1036\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1036\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1035\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1035\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1035\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1033\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1033\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1033\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1032\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1032\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1032\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1031\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1031\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1031\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1030\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1030\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1030\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1029\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1029\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1029\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1028\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1028\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1028\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1025\eula.rtf",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1025\LocalizedData.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\1025\SetupResources.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\SetupUtility.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\NDP40-KB2600217.msp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\ParameterInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\SplashScreen.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Strings.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\UiInfo.xml",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\header.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\watermark.bmp",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\sqmapi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\SetupUi.xsd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\SetupUi.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\SetupEngine.dll",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\Setup.exe",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe","C:\5b2550e69d14d9b6d10db1a9\DHtmlHeader.html",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA0EF7AF0FDD44269ABEB083EFA1DF55.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18CBFBCA12054faaB26DC0CF1A02A909.ppd",2
"2017-03-21T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 598FF61BE2544baa95ACD5A67E88EEE1.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 01FC24A00CBF4371BEC9F73152532F2E.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DBEB977D6AE842469584DADFC72C2482.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4EDA69E654454ba08DBF9D2FB875BE0B.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8EA54B4C074D498fB758022C74E4442D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDF68872A4E04789893678465DDAE8A3.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7234CDE1529C4b838FF3E6DF69698406.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 694589B9E21842e1B8DEC4D6707BDB35.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44699040C7C74fb9AD93345D03693D31.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB232C801B544e24BC07B534FB576417.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1F6A34FB277D49e7A97C139568B9E024.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5449056EB5D4cd7895313B39C067EEC.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 259F3262A6454378B5CDA9BA80C63F28.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5FB8C706E26047158D0D9C237F6D50FF.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B32971D5D07B4ee480DB380FF86ECE2B.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36B3418EE80B4425BF983B2D3C052BF8.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8CEB8467E6AB4119BBF3D5BCD6081984.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3EF184B269714f4b91202D0E450A60E1.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7DAF8CDD3C3C44bf887495116285A11F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4BB51C498834f80A0633DCCB99E0B4F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 639050BC0CA14872B32B29E16F89D67D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F42D42822C149be9A034BA801BCA372.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 00D44778FAD0480eB8C2A2996F8B8679.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4572E5E892CF49eb89C903E0C916BED2.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F389BCF9A39342f2834E2DECF64F1975.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D10169B765CD48c882538BC7A62B1600.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 561B6EFB795D43809084C24E8D5CAC9F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9531DDC300F345a2BC76FAEF6E16F9A4.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C8216F3F32764f6bB3B8483F680D7A8E.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A5F523E1CC6C4e88A574B663A972C97B.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AB90ACC3874D40bdA652436F6EB52D5C.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31321EA225C14779856C12508C2F5C4A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8E1BB6BC1A4A4822AE92764289ECE621.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B0AC90A6736145fdB97C74989E7BB9E0.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 392EA1017CB64f2099E71A6EE174D9CE.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB8DCFB884B84e00A7843EA24395ED65.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 35CBC8B6EE1748fdA7A68B5B2ACAAE0D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 470E2340A4D44a03A52EA1BBAB62FC84.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE6DD4A4C323404eADA455A7A58267AB.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32C61E85EE7149acBDA611E234A5C128.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BDC4C16010794ce4974B7B9427921B0B.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33F3B273496840dc932306CACE808523.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE004B1AC6534847B67EE612E1678B4A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1009B2BA0B8F460f8AABB258505D6C6D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6815B73A2DC843d3A240A7DE826E0735.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E79E5034CEF842ce96BB44CF234360EF.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 704FA9C5050D423e9AD334FBBCBB736A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE31C1B354E845bc94BD8C9E039C3CF0.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 071007B77C8D4ec79591478382D08C5F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA25EDD0675C4695B1B56B9BC0DEA07B.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 493416DFD941423b83415F9D688B6236.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF3A2773716246dc9F2FE1A2F1016049.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3C05A43E1A2C4257BFD04DCC7518A8EE.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A0EFB73BF07F48eb800059FC5E0F3E8D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FEA7BC1103D44dc88FF3A24D574E0F82.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 284EC6B53FF44b21A573B0A7D95E9F3E.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 06E564CC93194adfBB4C71763D8C90F0.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EB0B020E6DE40fb99B09EC6D67A853D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3F4B2F99A004228B4AACD4DE53A474F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F235500EF454de58F2CEC4EF01E8F5E.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDB553FF3A6C431fAC21719D66CD3B87.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C92B6A4A5D164fd29682AFA18D3EAF8A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 737F8280154F4c3c926CE53A72A256AA.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 767442B9B5D845c8A8475D4304DBD6A2.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84FD3AE77A9F4fd3A6CB61056379ADE6.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 655725A405C2401dB2798D8F69435795.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4AC8313EDA434a9aA0E77349DED71051.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3047842EEEA24cbe8404D9C6830198C2.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28C521B5BD974c60AFA54A1AC2BA0ED2.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A3C11CC439FA444f99D2A64F75BB519A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F7B22B4F15344f0885DC1D67C006A7B1.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4143FBE2AD32475dA13C4C2715EB5947.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABA95761A37541c89CE4C4470B53BFE3.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 229BF7C2B7CD4effA1D09D37A0C12BDB.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F4FFD5DBB3A47798CCA1328552A5E14.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3E3709A154B4f40885A8E15549B8791.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8836134BD1694a8d8CD1ADC4E45D6FD7.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36F15F1970A84be2BFD23CBCABAF6CC4.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D3CBDF59BA8644029D65417FD9423FF0.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 033521874C014e3e9A151F62E6FB1F4D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77EB2EDD309646edA6D342037FE8B777.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84E3128A82D64bcdA16BD6033D1BDF9A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9595F89E49BF41ffB0F847563D28BD86.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A4234A6854548efAF721691F9DA8475.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C4C63AD07BED4719BE6D5B2A69DFF760.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A2D8DBB4ECF49bdAF786E687A061C95.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EFC27074570C47eb93F4D53C6C8A42FF.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E193EE3477B4a18AB2A587B33E99615.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B40EE92BF2C641a8B91BD771D7A7D28F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A07BA66DF904f0399697178E3F1BC58.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9E8C302087C541a19E6B2095B3B40A96.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD5684B4817E45d7879786556509E609.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8BED24AEBDAC446fBE09ACE087C89EE8.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BB5B9F786C324c729807DC4891E18A6A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B61DE0B042BA4fdcB6528DE67D93DD5D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC0CD8691AAA4734A76F67A61C2A27F8.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 359233175E204d32A0CE2F14177F8339.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77D788B6085D4dc084946C710C3932FA.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD1C903315E641af919C5DDD8C026661.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AAE920A29BFE48b0952C70BA97394B55.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 311F6F1F36CC4bec8916D00ACFDFAD13.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 64E6E8087E6643908BD6D60FAB0A4B44.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 951EAA7095FD4b3996788A1437234BEB.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 11DB1458FCE542b5A0B605DA1D5988D0.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E0599E5AD8DF4d769DC8AD10DB9C6E20.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04A86735F6EB456fBEAE1860FA8468EA.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7F56A75002A4f739DB7545D9443491E.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A83D8C6C7DE444d59B6263C790B78C11.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6AD3E38DA3BA40379AC0D4D58EA6EF23.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D42703A6501748d2AE4FA97963D862DF.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3ADD2793EA7B4a7bA27384FFEF401697.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7D3184DB6074b45AC0C47E40825B78F.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A878C5CF8BBD4c11AAB30E52DE0CFE19.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2FFEA3C243DB455c8F07FFC68A3B62F4.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6BCA630696764e338D4D5FF6E5AF6751.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DBFBB800BFA94ee3BCE23CB442DEB560.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 86CD316404FE46e09F0E9CFB17B98A9D.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6A6A626AC52646cbA8D92BDB1765B2D4.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7629cd99f4e3e1c39e1735c74cd22451\BIT997A.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8764ced1588b5bc36673274f67675043\BIT995A.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7b0564db502282e117b03a4512010dc2\BIT9939.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\906e77581908ad125e3986bd848fc091\BIT9919.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\037ec1a0ab9f6ce993b99f88aeba7cd2\BIT98F9.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4dea1a49e6dfbe2bc1391ea95ad9497b\BIT986C.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1272ce940b3fca765ccf54b566348da2\BIT97CF.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a1ea8c42f323b40aa389e2c3e77ca5af\BIT97BE.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b7f18312564e1ab60a7a67fbd1a02e52\BIT979E.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6068331f0f8374bbfafa8765dfec6c25\BIT977E.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e4b8cf6fb29f39c5d1650ddd617c5a72\BIT973E.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\36b83c852ff815d1df23136fb7a0ec4f\BIT96FF.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7e41b22e69e31615591af7cc56e63014\BIT96A0.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\86294af18b327a5cf0adb67c9b250b16\BIT9661.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2b77a1ae1f8f97e846ccc8b69a9dafc3\BIT9621.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7b4e265de6d5400655de5fa89d05e135\BIT95E2.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6ef829b9e1cc54bba3941176f27397a6\BIT9564.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a9f4636d30c0dcf2284a6923ba6e9844\BIT7F44.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\70c0e7f75e272561ea4d92ce689d468b\BITCEEA.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\37aa9a9fab9a1d048b5a8c50d0982f39\BIT7E88.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A8AA4B65AC846a8812D80FDE4973336.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 419935A0E14E49d494ED6C48A6B59D05.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 19CEDAE08B144286A28A976B2C4D0F2C.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT593D.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dde051ba04743ddfb6c03e81a67c4679\BIT1634.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20070\BITB520.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9819BAF530B47249C58FE9125F9A55A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48469691FE454cbe9DDF265263698F8A.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49F6ED3EF9904018BD42F758BF83D153.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\485bf13b9bdd004592de95f0f69566c7\BIT205F.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\70c0e7f75e272561ea4d92ce689d468b\BIT2010.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dde051ba04743ddfb6c03e81a67c4679\BIT1FB2.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E447AD40A9A4ee4AE7557E05E2490BD.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8E89997824554e999427E7C78BB5D325.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITDE39.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 008A0DB80DDD45148E0E546913A73BF1.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fa5b5b1de4b269423990594d73cd0bc8\BITD230.tmp",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC4419A1EDF24505B5F9F9E2B4747583.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 837C87D619324fb8A11BB5CDB261BAD5.ppd",2
"2017-03-15T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04BB30BBA3AB407eA78C8129512723EF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31B54D2AD1E14f20A1FB33AD536BF964.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E31329D2AA8F4629A91231DB16AA42A1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E1956D41366E4ac3BB970864301B1892.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1245C7B8EA70489aA7FD29BAD2FC4DC1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DDD6841A166945d4A63F85F9BD47B200.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EBF628692676477395D21E6B906A30E4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 52F0E6FC46FE4480A544EDDE7AE774EE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C1CFA18B2EF84de794B481B98579E5B9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58A51A1E58E64a84A1D77384B45D21B0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE5F485D4FA443dc92176109430542FE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 75D030C06B854f55B7459F6CBD27A21C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC86DF1DF5234b399A436755B3F41EA0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 206F35B071D740f188D685FD4E91B19C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 001D2024BE3D44aaBBD8185235A8E5C9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 228D33BC67884e13920CF3EB2048CD81.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F10019A8740641e89B58BBC4247C13E3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EABC1927F7C3485b9287135BEA61C6FB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B4285D3ED184383A57E2AB24F212815.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2551A3409BD44dd1B24DFC0689C20D83.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A2F73B693C70439398D12A53897413F9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4DA79051C31F491785CEDF407F305780.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B6ECE3A25A5A460e92ED0EDC44757EE7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF963F8A5736415cA86D503D1F7DCAB5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DBA7CF1CEA214ede88ABA2D8F34C84FD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9BF8EEE9D9A244df8E989E71EE757F30.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44992714760746e199E6C8A46245B395.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE3E79B489154bab9F722B89CB902FB1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE24BB0BEE7046f7AC47EF42E36496F5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BD69D2316AA481d9FEA89A101BA7027.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16D5F163E9184e08808C807D11CD2F5A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BAB85264529C49a4B2EDBB159B769083.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9D4CEED487D457f9AABF9757D64082D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC8BFE5ACB7D4cdeBA192946911358EC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 08EB9B5BC25740feA12998141936DC58.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70798FA55D954c71B220DDCBABFEE3C9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11853783DD6C48f8ABE6AFC79ADA6F77.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 464948C156F94b0a97A0EE88B19D58AC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 118D3DC7933444f29E87EAF98EC07AF9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B23FB02E071846b7A9A6D3D4B4EB53C5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5F8D736A2424b9a9473ACF291F100F9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BA94592F376849c980864DC50F128976.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14F0CC04B6A241208577685FA981776A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FEEFCA9EDA324477B2E82D00A2608900.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE8DB076D9954764B1A361D9B2B53557.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 05F1B8EF9401404cAA30C8BBD8D20D0A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C7587EF14B6454482156EE1B8DEF63B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A0AE73853074de59220A4F198666D82.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F80015E80EE4d52B5E3CABFEC5EE0ED.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9FA24B4984744489DF393955352AB62.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5146EAA268184b8b909FACD4790EE35F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B047C7EB01249e3BCF3EA7672FC9CA7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6EDA33CC0034927A7B1D1E417AA9F01.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C30BF6FE9DC742769EA54AF1CBC3964A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89701F6E09F5441aA5C4E9D775B8C657.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A788D274A92A49bcA6FAA82D5948F9EC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DEE5DFE5F7A14e40827B2D722D24B5FD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1FACA78F07954748BBC5727E59E0E855.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B9CA505A525B4895BCEFA06E11A63971.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98225F1A9E7A4cc68407872679D99DFA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8A8A2639DB02483a9365114C4B1E64E9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 705CC8EE1F314ecc9E549DB292AC6740.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C7396331FE514aec8940A4C856F84B92.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4BBDD2B7E6D14798BC3C6B8B4B50C551.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A96E3A83F97F44d49714D3949E580CC9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32BB5298C89D4491AF6ABCEC2A29F7F7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 481BC8503AC54d33A9AE2C2C2C9DD360.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4E3EFDF2720C4f82AD14185C5EFE343E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4D0D189CC27F4f3988A77E7019D78D41.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1DEE2C1B0EBA4efa8EA61EC4EF692C58.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B178D226D22846729FB50C841C4B9DB7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2ED98A33BEA4cb39CC4D18B725EA9D8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B26B27208054d929964172F4D31B0C3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 777250C96CC14e08B83ED3B5BFCD15F3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 588987866CFC49bcA3C89970BDB21664.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 82497413D75D4addB26F9B730D79F091.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7749F26E63464ab2BA58D7ED45D5313F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CD4F0BD327644c7B38596261AD32BAA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 177C804C14B34c09A83E64B768A8D118.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EE1A03BA84B04724B1ED298A8384F3E1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FEF9F43EAC514d45ACF98A57010B1238.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77C99D0C97364129BF6D1C730E8E4469.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CEE5A646D4748ce862D74EC207FCA65.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EBE9DBAFC1B0456189905339591B4674.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E67D8F5E3E6F434b8BD708FAF10E018E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A1F51A0920F04ee1B8A855462B28D2D3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 91B176BEBFCD4af7A9A1057C504CD590.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F095DD4BAA24ed98FCFF951E0CB06B0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BABB345D71A441de938E1CA8584F4DFD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BEAB8A01187C48b99FA6C389D187E196.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B2F24D48B484053A595600CE63F4466.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 59632BD6DE0F4ae29A454CFF3CBC6C9F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2508CF6CD42E4fbcA3CDB279E5F7DC03.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9ED29873985471a994DA4D13C26FD9E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67D8223A659944ec9332265165A327A2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F152B544D46A480281B2323A41D05D74.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\Alarms\Alarms.json.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 126438F22A854a5aAD11D89FB6E98C2A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB45CBC9DA2E4178BD54B70720F038DA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C6A5CAC513147dcBBA38873FD6EC19E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 21E8CC943B8A4d8083062B1D6522D557.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CC56C574BE54e90BA6D4FFF3083F68B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 432C8CA7C1CF4147A48A798B700006A3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BCF5AB8E4B947e9A682C2496E98F15A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CEACC38CE6E243aaBC529EFC5C1B963E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 285C0E66447244648A83F3B3EE652B31.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC398B13387943208FE16D6847026510.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAE9C5D6D0824c589C8DF646D4ABD84B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8AFBB8B3AF141419D771CBFECD417DC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 79FDF4611CB64935B192737E33154B41.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 41BA84B56FF14494A984AE9493EE2145.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD581304607F4d9aB7E2EF8578E752F9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 12090C1CDB49443d953D2A44A18C1362.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 972548834F53429f885CD1643C9E8DF3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F69BEA450952402389B569B9CF18BB0A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AE2565934904bb78189DB3C4040F52E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D11E2B20B119477b85FDBD3850712938.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DED811EE38DF4722B4ED94CBDB5EFF0C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C6E8CDB437841a1B3B40CF3AC3733E4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F27BA756F404e1780EED74BD557E236.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D4F055E6A7A478cAB92C3FC68A30F06.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31C3DDFFF55749e9B0466B515729E78B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ECF17DDCA2B64e4086BA6F18DE058B3F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6CBD9C135C3E4d5e9C43269175214589.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9812C1A534F2406b9E060CF000BC2971.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 566C4032520B4d50950EF7697EC791C2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D2734C8CDD3145cd987E92CD7B4DC3C1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60941FF2B1D6404c948219823E0A5F05.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58D0FFC5A10246eeB8579B2D599C6B54.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45EFBFE0176148f9B710C9DBDB321E62.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F0B05C62B8594bc988F2341148E689C0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B52728DF38D94ddf998421385F212734.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D3B1C57DFF9486cA0250DC8CCD79D03.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98D26C5C45EA4b5293C495DABDCBB1D6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 754D77B271F945ceB9C59560987F3B7B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 60A40C7CC14D4e70B5D19FCFEEEEE40C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D42C57F200CF4352B691FAAE4F479A8B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 69F3C18DA66142caB6E04322CF326B93.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 564452DF27C249f5B6222575F1FF1B57.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7ABAFBA1EC984834B561BB6FC2CEB909.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 707F3BC6D4194512873809101D94F1BF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A5EBDEE8135D439e98795B1B464A1DB9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 266058E9CD6C4ed490922E27FF8689A2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7272F2723A1C4619A7910C0366B07685.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F72AD4F5B2C2445d9F3C210B7684041D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 742FFC102E2D49f19318FF3CC58C8BCC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 919F2C926B08447dABDCB4065D7ADE64.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 976975F1F5F94d269162EAD76C19B8E0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E5714E91696D4a66BEF5623CD94A5A7A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 582ADF1337724de7B1D1E37FC45C32C0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA24615E954F4f76BD6615848279F779.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA9F1E772EF14ba6B845686C4C690A4D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C98FE18D77F404996E47C9D722E091D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 408AFFA07BEC4f0a99A3F81F87D00C3F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 95B692BA1C834f48AC10ADDDF99893CE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED66CBA988E8490a95EB02ECB3520244.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8A8A0942132C4e4b83A139C018A54AE8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41AFE83283FC4e13A71BC77705CC6440.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 915A951580D54623933A74BD06F4EFE9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7EB326A7087C405bA0424C62F476F61E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A08D7C20CB743eb9B75ECAF12D39AE6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78EC2E49BF81419f8D34662F582FE4F3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C9E67EA6F0E4bc09525C64314A70253.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C7E9D962A6F4b48B6FCDF238DFD4E54.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8E5A9CBCE279436c95F5308F81505EC8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1B983F2DFCE4fae8FB67726708AB73D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D243D8F80D994aa1BB47AAFE8A431E0F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2DE1B79C497C445aB4B0830A1D4941AB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 83C8633E95FF4b299967E63657C85D5C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16A7B80855244d4f9826D64682272FE4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FF47970E71B446079B697230D922992C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 378FE9CAB85248d885FB4AE40822EF0B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9B8F4DC9C5C44f698F6C5C17E5A4771.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6EBC5577D95C40349DB6F30E9660B06E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2912A8D359BA495fAA8BDE35989B724E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DAE8ECA8F8D74cc5A45FD712DC8C8D9E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 061506CFFB0346dd8BC8A9BCBEEE6F4E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 12A1860A71434268AF15310EAEB4B365.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD6A4F50E550499798ECC8ED2E6DD8BF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9B48A3ABCFB4593B78E4548C70DE62E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4EA7E43A0EAC49f6B79FEAD9D7559BD1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B581CC083D12408d82153C27E672C8B4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B84B42A944C5492b84DD4BD91E92DD23.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 109C505E50D04acf88C61B65E34D920F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E75B45A16FF84c3e8788E8A131735D1B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E42A79242B45459aBF55EC5AD06468CA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2ADB84A447F44ae9DC1D4DD9F0CBAA9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C5C560E6C8A43a48F2D6F7D83DD1E68.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC340C3BEA094e19BD217DA58B5CE2C5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E95D1BD7253B41cf94CEBF4A9299BA86.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3ECE9543AB014edfAC4DDFC1D43F2F6C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92D6F3FCE36A4fa5BAD5ECD72DBC87F0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B797F0CBEFC54699841CE29FE3C0C64E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC46A3D1FB504c8cB418D99EB0C37057.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8447B3FD99D64fdcB29EABAE5DC86056.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C61C5EC06F24f2091F4C2A2FC0DE228.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC23735B85FC48f69B8A7298BC245010.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 366988B17C5643589C89AD69AACEC579.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BA02CE94DDBA4f28B793AA2DB24669D5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36C92F8081C94a15A8DEF9F6BC153033.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 43792D59586447c98499AC462191D32F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B8CB5ED4DB04ec390AA9C671E794AF6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5AA00990CE7345c89A82D5447E948512.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11CC71157EF84f97B4ABFD27836C6A09.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12FDB5DEB3CD4731B4D3AE62CC3E4D68.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39DB3EC857BA4b8d97F4DE223CF03869.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BDB66CF02D5A4163BA03B2A39EFE2058.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F05A023BD6B467f9869495628DB494F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED8EA58E8CD344ceA520351AC7F578C8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9886A295623E46129223C536E1885320.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B8E2E04A5534536A04F7F529ED20986.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4000B2FCED549ceBD6672195A331835.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 99B462344A414fe8923D21DE6CFA05F6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9575F10A33745a6B87773AB50CA0601.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 91CA9FA8130D40c38C7F9671DE571B10.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F95EBCC0E4D145b088EBFE49803D3647.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 118801D4FEA04b68A55CB1909F923716.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 600BB97BEE404a6bA0DE5FEF0CCC7C97.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 218980335EDA41d6BFD096CD1C585269.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E14F78262F624017A25086305CAFE8AC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7F49C5D7E6645cdA7EC7DE8333392FE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52A58B55E27D44b9BB2D4B00B83E7B7C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2655F0C4EFCB4952829C66802507EAD7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52CDB40200224de7B171B67D449965D1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 865975E9347342df9244497026A34539.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27DF675309284ed6AC266E719C37F933.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1666E9E0FA0E4b459F9B29C8753CE707.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 661002ED569A4d349B7CA1D2FEF9246C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76A375BAB3A94e85BC5E24A7632D850A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D605E87765294ac3802C31EC6E986779.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F71F053ECA1C4370A36682AAF12EBF16.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 94BA051A482A404eBBC22BD2BAC0B3A7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF62A34DB38344eb9F0E9B296A620F32.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\Alarms\Alarms.json.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DEF335E7D8EA4da1AD494B6FCCFBB91E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1BB0DA9D8C942bc8C6EF22278E1FD16.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D747FAA4CCC43e886B04257E00D6FC0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8126B3CC02974888A1BF635F5303C13E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 83FA939740D14d508FA760E64B16547C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E6E9F89EF334425B857366DB5997BC5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3AEBBAA946FF484a9E72A810538A0907.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 294094B922E54401946EA88EF36C246B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33FA42416045469e9C4157DD49E06B9D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A9B188483BA490b95A582952FBB1A98.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E48075D4078B4a8e8567977B9FBBD65B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7219FBE83E94716AF0918653278EB0E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5663ED569AE4b00BFC619BF32D6B019.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7EEEDB762034113B674A88A0CC3548B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3FCB61FCC58B4af18847A5810D9D0B8E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E532B4F1A7864c5aBC1DE182AD45DC01.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87CE713F6DB74869899FF82F2128FC2B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8EFAF9C181294e32AABD97BD506C2B05.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1488992895.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334664939323543.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8624AC450AF74020A88CA16434B29513.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB6F690204C94aebBCAAE1D545F95E31.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF88E07E866D4d9597851B4679E22EEC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5CE4928B764B4bbe9D2ABDF4DF5461BE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C3FA534752CC41f18738146CD4DCFBAE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 907E72061D8F42f2BD5E3F76F97CD94D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2165638D715543a7AE9A3B19620892D7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B99F7AE06C7400fA862FF9484953341.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB01650929BD416e8B34CE213DC8F07B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3C610B00A5024ed197F0EF7582B0D498.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16C5FC65BB694b7dAA1EEB3642FF6B8E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27F28BFE305F4ef896A0E5B4DED63582.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71E49EBD6D834ff29FE26D60CE937164.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0966642ACCBE4c70B844B2FE3BE8296C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 857F17E11EBE4c89AD8C4B2FDFA34510.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334663849147961.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E380A21BD574a9aB563BDC1FD107E9F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6AC4DB95D0034bb0BC6D5743D1D97A60.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 97709436415A4da2B7D1CAAEAF470FBB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4C1C58B1F3E4d9dBC66187E8CC77C38.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 72E9E610750541f380D6B31969CBF69A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D6F55053985E490bA9BD869A60622A52.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E225D8F74A141c1AF9EF5DDB5EE740D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 048518DE33E14066B991BCAD8DED5AF0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EF1BF6467F447c4818D5915DD01DCCB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EB87C63B682048bcB16F0A4A85AB0DC5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5E288309AF104a06B0849E1A0F824B4E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E6EED270EF054c2e8C5E85DFF5A3FEC0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 403AE502D09147ddB5A9A817347D4522.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 642EADAC0E19402cA53408C40B6AA979.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 88B54F1CFC594db6955369CC79E99263.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE8045FC20A047258CAE978E1254441B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BA64648AEA21452b8DA4B9FECA42E2AB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C8191966D42D4ac18D272B4CF8A50ABE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69C355D4F1BD48e184D28C5F7E76ADE6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0BB712D9BA4B426e9C045508060E81DF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 24AFE99824B24a1189D1180B09804EB2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13C1317A9BBD4fa0A05128FB4BB057A2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B05C7078D754545958B4F6FA68E5B21.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BA775093070140d3952C8ECADA466230.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1752F7332FC640b185029F9413531FEF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C299B9A7ADD8486aA0AEFF4F1D5D6837.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6FCDA3E7DD1543ecB5493C5DF1789E1E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 103FBBEFFDD943859FA3E192356F6088.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F516F8DC09034acdB143F0FF2A8F0EDB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 672208C4004242bfABBFB8530536C9B5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4B424428B1949e388A4AA063BAB4786.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44E54BB70783470bBAE5BC3EA83A5818.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 426A1309475C42e7909FC2AADA25C8D6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F3A3C8BCEE8E4981A9F636C105484FCE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4F4F67BBD021439bA1A0E9120504775B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5789B9E1298F46259859CBBA13F4B25B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1488992250.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1488992249.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\Alarms\Alarms.json.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8964BA41421C4292AE529FC69F99C59F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B16BBC1B89EF44d5894623C10DF9F6AB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C7574E1435549d2991111F53839EE49.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\502196ef.jpg",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\487d970a.jpg",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\A64.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\A74.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DC81853D26F4934A100C959192C4518.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A16478F9EDD948e78CAEA5D34A916FE6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 982F8ACA99694fe2A98F7FC5E2843B57.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABD4E1C5782B467886CD76AACE9093A0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 39B0B5BB3A5E40498636310138F782DC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6726B505709A46db86F2600EAB7338AB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 55D476F3156A471b9F5E111EFD4F97F5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9BC8B8F8F63D4eaf9BA5B527A0EBFD2E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D9079FF9BFE4ffc8C519062D33D3A7E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C02F8E69D27486497FDE10281A1A8D9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4DE628BF937C4325B5239F106E42B6CB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CFA40713301046a5AB1116B5C0219BF8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 91EF6C988BB94091BFDE82737F772270.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B4C0F1A003BB4f96AC3BF0B7DF735768.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334656438946389.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\d87686a1.png",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7ACA3D9E728F49f79BFFF6F05906368A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D685EA6B10944960A35224D76454330E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07C740C63AAC42c78925A82B456E51F4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 56913A762F1D436d9C1F47E598BA87C2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1B5287D07C34447c9426CC3EF97EE52D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4CD01D6751548209A5773548A2782B7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F570DDEAE79F428d99DC8590420A9230.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D61252A101449d2BDB7A07AEE5559AB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48A1B43A22A54f61ABD8F570F3FFD1EF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F3AAC1F9C054af7BE7ABB5BE8A26D39.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC98048CFFC3400c9A066D77CE09E7EA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 80D9D8B462C54f99AF1CACB5C680C601.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A5CC6CE31D94e82A91CE0CBF4B595A0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F802E2A90BE5490894E2A1F4A02136D3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2A6207BD5CC47d2B19B12955B31ADF3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170308165120.cab",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB86F4EC474D492a9E51B5177ABB915A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9C33.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9BB5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9B95.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\bdfaffaa-cca6-4469-85a6-a2aef9373ef1\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C641AB3770A24c7a9A2A217E3EC2BB4F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2418FFFCB4CD42b1BEA299C1674B474C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7E83.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\73E7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4CC7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1BE3DDF3FEFA497e9D9BC8451CE435D9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6035FFBFB374029982BEC156A3AE77C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5405A2F666C479aA5812FD3EBBE3B9B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2597.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FE87.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A1CEFF8951BD437295C69D2E654BC037.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BB0018BC4F934fb0AC90045E35CDA787.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F3F453DA272499eB6F9E91CF85F027D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D766.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B046.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91FBD906104348d5A06C41A6E059605C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8916.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C606D138B2D44e7b82A097E1747F5050.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05159A7AEECC4f9d9EE5BEDA99841AA1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\61F6.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5CEB69037732409eBECC768E08A8876A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3AD6.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F46B499D47342efA63B7A978AF51061.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AB70127E42A6420aAD932670CE8AE264.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\13B5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EC95.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 330834D27A59403b89A085E0EEF85E7E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A55DFF8FAE9645768B9F616963D20B6D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F432D1312CED4bcdB4C6382F2A3ED291.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C575.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9E45.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B2FC101A5F32403eA5996CC10897DD7E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5072769C7E2A4f36809C5EC54428D9DC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1B695029B6FD48059B51A3CD2EE19F4A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7734.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5014.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DAC7074D3844fe3ADDB4927F7776726.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\28F4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1C6C0DFAC1742d2AA98748C75D4BE8B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A75DEAFF46654868A797BF14DD8D45A3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1D4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A99385DDF1C547a5B6F55927703B5DBA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DAB3.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32E2EC2560F646daA157F046E9731783.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B6C9B9F3A6CB422e8FF485F126AA6803.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B393.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8C73.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A11FD010AA8543d28D9C44C6AE3CE9AC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1149EDFD24A04f7aB6B72D8A8EC057FA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 495B8CA5FDB64a20832603716A6258B1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6553.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3E32.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3E28BCA3AF364804B62123C2C54FB1CA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D0E58D201A84487AFC45A6DB3FC1857.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FED715A071E34009BA94C93BC480A771.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1712.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EFF2.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 071E069D5B8D47a39D18A0C7BBAEBDD1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C8C2.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A098439AC9F46d9980F5A00F0EF21DB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8QVHQG8W15FLJASCC85C.temp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05789979A2AD45b4AF1E93F76A6C5BEE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A1AB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 564F7D79E8714d9d86A720B7D3529F80.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7A8B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5EA10BA5B0DA40408A842454C82504AF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2BAC77FAB595446192A28CBC0D230855.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\535B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2C4A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5AF36256BE8C4ea8A7B5FC10639F19B3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D610921C57FE413d82FAF57C3AB5DF67.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 769CCE1EA5BA4fdb9B59588A2A56B41B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\52A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\EA78.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DDF9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 520572C9A54447c89CD37D955B2A041D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EB2D937D11274a70885D53D32F10A517.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 47D853E36A884dd6ABBBAA6E2EFBA289.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B6D9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8FB9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16BB200AB21040798B24B90CBF2AD81F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\68A8.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDE2E073ACE946989C39F36AA63A794F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF0537FE28D441a7ACFA6E4A442E53FF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4188.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 40A69DD3A0D8428189229F625233E1BB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1A58.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1632E6127C9544b8B3BEAB87409E5468.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5296586138504778B048190708C71600.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F328.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CC08.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F190E870C59499fB5E0E92487032B0A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B54B78A93A80432d8B867F02267B7DCC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A990043B024400d9E1E739AFAB2F0D9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A4F7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7DD7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A8A9593515C3406f8033C9E3A40C656B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57EDC3B750A1439f8A88D24E4352EA79.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5707CEB0E5F54d23BBFE3B7719745C97.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\56A7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\Alarms\Alarms.json.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2F96.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD3015080EFE4ae5BC27D64C5459BB17.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\876.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77E20B78B4494d2f94572F5474BCCEB7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A0FE3D007D144879BE70FDFCEA129C8C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E156.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1E9DE18C3B534cdaACDC338D168275F3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BA36.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 167DCFAF31514c05A88D0B89F90F83AC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DABAA03BBC1A46b1BBA26F0A82E6978E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9315.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6BE5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2FB2980F2B2F49adA074C235BEC9C41F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0BF71C526FE74846A99403BA24EEB9AC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FCD58D5F7AA6426383FA72BB9232D814.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\44D5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1DB5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 332A3E7B4EAB469b83659DCE8F2330D1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C2F0C84369C14f0e8D74EB2D98A9D24B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F1959AC9C1746c1A9E774FEA4C6B821.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F685.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CF64.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A844.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90FC6DD3D1D64de89193768F4E85A3D7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D70863D1AC6B460eA609C59A2FDFD785.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12E88F1390814ec58E2319A1A27CEC12.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8114.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8D0A2A5DE08B48d0B30AD730197CE6B2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\59F4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3871B4E352A24eddB9FC8332CF606893.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF0ABF488F12446599BDF2B3D03561F9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\32D4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BB4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 427744B03C254b5b959AAC63F4C29465.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95C3793DBF0E464e8BC4B49311784139.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E4A3.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9795BC79CAC34521B502C934815CF837.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BD83.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 53FA32D135E848e3A54BE52802C35F1E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 24B31C18E3854e75A9E3DBBFDBC41A5E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1F05AB33F9B542aa864021502B3DE5E5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9653.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6F42.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5664.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4821.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 59458A71060743ac89AE6F70D44B0CA8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5FADB72EB7E8420dAFC8C25A3DBDCE2E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7EB7D9CD9C9C44d9AF44C512B99CD0E8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\20F1.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F9E0.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7DABB39AE6B5403d861AB2DA9520FB00.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A419FE856C3B4c20A92347DAA048FE69.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CCDD669466F4453b8CBBB53CFCE36F49.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D2C0.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AB90.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A537FB3D1994b50B851FA79B25172E5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1F813B1080346f0B4E03425AFB61F7E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\847F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B62AB38CB82C450eB399ECBD7831E94C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5D5F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16B631C3C3014164AFFA937ACB94E62C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC729135DE224233B14162FCA0BA0463.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\363F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 86158D386B7540dfAB15799843B65EBE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F1F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E04C6DE057164245AFD752CB1FE2190F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF0C6983325B4005A94BEA828CEF57C9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21AD8C6390384463B84171A704E106D0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8281F576B3D64f6fAC693043F0D76ECC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C1904E573E549db9B3665299F138ECB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D0D8F1C8AFB493cAE91E64E5F453740.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5C3C5610162432f912E19E6FB9A5C63.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B860067F76C846869595A49CABF42A0A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0AC1A93D84E3446b9548B0895931FA86.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A63CB511F47B4251A035A99290912027.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7732A5C922CB4bb18311FBBA5F068B94.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F8CE47A6BFFA4c73A705F37642D8C439.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4932427876DD4fad8C82BDB2A183FBFD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 196E2E844FD84c438CE372A176727CD7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4ADD10744565403181607BC2632F91D9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35A5F77782E2492aA51999C87DE72AC6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4A97FE12FF447769297B850B27BE4EE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84D050E3EA3F442595A9FDC4423C7313.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7010D3F3F2BE40aaB6FA86CDE3089D9B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67E6E985CE28479eB40EF7C85D1421B0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5AFEAE4974744068363AD45101F36A9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\Alarms\Alarms.json.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 919FBC3C662041c5981A08811BA011ED.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 329E75C8756A4e23BF86422223A2DB9D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32D5F62742BC4b2bB6DB4A4C0333DE15.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F8E4E3652D14ed08DFBC957C62B9AFA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E04763EF64A14a2e9D3D8438E6D4D77E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC288ABB788F4b9089EA80C346415AAC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4FC786A87E35495aBF08DB3409BE28BA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 01421F1F7E6A4363A8749F2323271435.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22BF9F94324546af932A2A7829A8E314.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3A480835F864b44A2773290A35F877B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14F9116C56874077AADF573D6FE72284.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F54A9AFB02BD438281A6847504619294.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D25FB2F61C34507BA6D9EB460E00C7F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7847FED33A3D461084BA52C842E0DA64.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6E1129126614fce91C1BDC614179C9E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 016FDB32903D427287F91EF100E21321.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D5254AE740E444a8B3235E5508BF469.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E661431F8934f02BF17D28E1CA2DCEA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52298619C42A4af0BCE3FB05C72D6907.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB89B14B73B44a4083048DD9AA891F73.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 724B7062A0284175A0CF213C25A2828D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC1A8E882D0E40ceBCD33ED712186104.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB481A45166C4e23AB2348D21764E0B5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1FA9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 845986AA8C414261AF98CEF431DE2DDC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F879.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E424D9712C94440b8DC6AF5E7E0F5392.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7DEDA9B78A94fdc816C9870E0396A7F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28E834AF07D642388C5FE9E58E180791.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D159.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C509.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AA38.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8A67.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8316.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 49219F5311CF4d1994DACEB96AA09FE9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E7C7ACB0C8849e48E6092F7E0B92C89.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5B6756F679CB4471AB9B0ECF6B4365FE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5BF4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73F4E4B5C60043a688C5D10117EB7160.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED4D505FC0E54952A3120EEB9A7A6D58.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\34D4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E94E79AD1E7E4c82BBBA8F00E92E6541.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DB4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E693.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1790E9D4ED040dbB3DE66C57AFAB15F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C463.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BF72.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 283791C6FF9A46e5B532797491B5729E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD3C6D9EAC994408A2D56E39BB7568C4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9852.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EC3982034F8F4697B8FABE08B4C9AD64.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\84D1.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 47B3886A3EB14aa1AD4BF0BE4BF5A9A1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1731B839003494d82C427D3CE92376B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7140.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4A30.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\28CA.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\230E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B3E15DCFFF84ff69BCFAEA80F5A31C5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E149486C159D432bBD5D997DF65453FE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4B636D47E08426291960D08B236D9CA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\Explorer.EXE","C:\Users\User\DOWNLO~1\Eula.txt",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\Explorer.EXE","C:\Users\User\DOWNLO~1\Sysmon64.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F440.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\Explorer.EXE","C:\Users\User\DOWNLO~1\Sysmon.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BAE79D2E95C94233BF2DD5CB9404C2CC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DB72.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\bdfaffaa-cca6-4469-85a6-a2aef9373ef1\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\D569.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4F111E4EF8FC4cb7A80AD49F5BDE9C15.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC744E35318341cbBEF689AFEBF7D722.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9BA1.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9AF4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9A86.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9A75.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9A36.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S8JH4GWWIL01H10BKMPC.temp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DCD127161958478594426D03920B7248.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18F68867C1684df397375979F105670A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D97314133D7F433e92D415543E58CA60.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9C9C70AFF2C48e1AF6182EB6F2B132A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A142B90B1BF04a2e8D66CE520E50468D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73A3BF1837314cb1A64BF4209E2BFD07.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD42C4A0B10143cfB4359EC011266FA1.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29CECF618C30467684A4457911F63912.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D17C7887BF9440539C1397D14E754CD6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A1837CCEB9642409503A3E186E5CAFE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DCB60D91F3648c3A852677FB3657B7E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A653FCCAAA9044139A451D6F81748819.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5BC48CE59A641a0B7C7A3E32B61C416.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07166D73D09B48ee971E651766DFBA3C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B54514A8F4D14a22BD84715A469282EB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DBEEB0F501047588D8C382B9526EF62.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 805BC1C92B194d1b8B6B8D004D2BABBB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7E7147D5C2947c1B9F8986C03DEC881.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 641B919015BF42b182EC9FC4CF6D0B44.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ADFF5879991D4a4b859E755DD906E16A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DFE4AE9BA9274e89BA514F3BA65CB906.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3DCCC71F937F4e6c9B185C52596C4028.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 216B9FD51F574696927C995047D96B88.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E54829B2FD5747b18C25FBB105DF0D01.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07685DF84D514b148E0514594DE198BD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E96FE260D1A9402c8C943E039BE721A6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41E1E6E7BF9745d19DBDD4101E97284F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E1FFC400ED54258BE4D5F5909276F4F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECE9F2F1B1D04e84A4F8A8BC5BD85ED6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3642D954DEFD478d94A67D9A649C19CB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD4CB90805AE447884EBFC91DC87B74E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 291395B8E55E42d7A9E2CDA87CA6996B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1EFF60332CFA40bb8999B09CF4E9E88B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1EC43C979CF943fa8066FC98CF7DFF5C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE9CB8642B4249d8B5427F577708B4C5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E970479D0DE14648839A8C42D2B9A449.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF13447AF88C48198C533BCDE6716529.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D05C1CFD9EC46dc9BC480F2D13EEDC6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C92E3397680D4f5d9625495E386BB1BF.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CECEC19FCE64f2088A48BFA27B6028F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A60B307B18DB402a8E532AEB5B442CF3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 101680157C874d48BDB0E8C555AFA13C.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D05BC8FA8BA9457dA4AC0297B82CEF37.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4CEF10EE1E7A4624A0E8AFB9DB2F4208.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72DB403135E941ac8100DEF6E8988586.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2FF2C2F794CE46bc9ED63525B70CA320.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05DF3F5E4F4C45f58BB135D5F4164402.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 743E6D984E0C45c9BC19296832ED46F5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\60c9f4d8.png",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 599CBBE0336747088946F2E1D0E4C6DA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5532B302BCC740ceA8BC2D325BA8DC88.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 287613E0FDA843078AB54DB7D75BEB0A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 23BCABC715094f71AB8FC82C1608DF5A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87423B8DF0904f248D74AF1A77EFE51E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49724F9EBCD540029E8028B06A8620C7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\c6940012.jpg",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 262E50F4859B48349CFAD26D4331E2A6.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 897205F6D8A446eb85BCA730AC5BE217.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C236D9C69FF849a2A49996F73D8A6205.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8787183C06C94af4A13B5649376BCF34.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A32192FEF249467dAA0183F8BA86C24B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33B51AE083CE4184971597D04D19B6A5.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 255F96AF04E34ab5BBA7A4EADEF1FEA8.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 099DAEAE658C4e4f9F3534BABD530B65.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 506C08F10C85498e978EE42622C85465.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E4DE74ECDB243f995FEF2AFD9425ED3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27D83A4372584a45A2DCF7A30C085237.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49FADD648DC34f909402819D56687F6F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43B7D51203E74962B3D693F4D38E42AD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EFAF24CD475B4b87BB406DE4CC85D1AB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3933D6F63F5D4b40B05B7751D48234EA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BDEDAD71ECA24070813F30E358341C22.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2933B1988204d02BEEB3229F983BA34.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9A46E8CEDEBE483e8C8C610CABD74BF2.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A78D5459EDD421bBEA965077DC0390F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DA546FA446D941a984282EDF02BB2783.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F33BD227DDBE40dd8A865EC32CE7CEE7.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E6CD49D5187442d5A7C73777C9102E53.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34DBE4F21F234e98807E68FBCCB7A629.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1EA6AA0BF91E45a8BD682378A0C497BD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99E09C44A9864c99AD0538F70320557E.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E0FB836F549458bAA610E814601200D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CADC8D890980496586BAC0ADF569863F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B529937BDEB49daA661B9A52C37AE4B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 283942BF4B3B491a82B1BB46AF434F0F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 721976D6153C4e5bB597E392965A796A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96BC5D47583649e1BD5F75B10120E933.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B2B9200D80EA414b81095410F04968A4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F753B3F8C3344f89B35EE2A0F1ADDE8B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3773942CA214b5a93A0FEEB2B4A9342.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 67C6F8B44C454f398DD78D26AFCFD2A0.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F3A8D9E36F1423c939317DFCDFF3FF9.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C179811F9CF4401B693E82531275D27.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF96E13BDF5D4bb4B78E6FCF0A8BA16B.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F9A967F7F5445d5AF90EF2F8E08FE2D.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8BC5BAA5FF124487861481E055B774C3.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91EA7AF2147F4cf6B3BC0CF476C0BDFE.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E844FC1669B4d88A5AFE068EB8E79B4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2580_1566_notdimmed.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\80a2e1c3.jpg",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1488989321.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1488989320.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74A7EE06E9264c949B4C7CDE488FB614.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26EC6B9CD42246ec9EC0C4D86DC42743.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69913FFB93904bd0A6F28BF2E4EEFD17.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\eventbeacons.dat.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06AFBFA7A2EA48af83B4C0B16F175F45.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49960A5E1E96472c84D8EC4142E08028.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02D5BFD750F84094B4A3767BC7C98A90.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1920_1200_notdimmed.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1920_1200_notdimmed.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fb2927a75a6456c447c87ec72b94ec49\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fe534a6906e95f39825c4358b0927a57\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\467fe0b69144edda23c5a80a88b6961b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d417d656c1894db4c7e8cc2d0af0a1b8\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9473fdc08059fae48ceb0856c3bed321\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4979596ffb27819db336f7e6fc8462a\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\04caad0036e0c2f4286b8b09880b5aae\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\04caad0036e0c2f4286b8b09880b5aae\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\04caad0036e0c2f4286b8b09880b5aae\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9a2f00230dbe20b678aa1953045d9183\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9a2f00230dbe20b678aa1953045d9183\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\37726894fa47e65908e04a8430827a61\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\63e41b9c9ec8354857662abc9e53e24a\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0309f229ab4623c252b04315bd6965d4\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9a2f00230dbe20b678aa1953045d9183\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9a2f00230dbe20b678aa1953045d9183\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334627103631517.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\63e41b9c9ec8354857662abc9e53e24a\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334627075958642.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT10D3.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1020ca02c888399a1467a33dd6ec79a5\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dddbbd5f4fe7bd52dba1470e0d866c99\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dddbbd5f4fe7bd52dba1470e0d866c99\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334623062284612.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dddbbd5f4fe7bd52dba1470e0d866c99\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6f45331e6fdddcd5f564d5698f790e2d\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1020ca02c888399a1467a33dd6ec79a5\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2abf55485d55005180ae0f8319f44326\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2abf55485d55005180ae0f8319f44326\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2abf55485d55005180ae0f8319f44326\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bd00b135d2f9f2142e647c9471507797\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bd00b135d2f9f2142e647c9471507797\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bd00b135d2f9f2142e647c9471507797\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\796f5c4731c88de92b5a991a2c1757c2\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fb0e3d54015ea0d93554e2b39824a07\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fb0e3d54015ea0d93554e2b39824a07\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fb0e3d54015ea0d93554e2b39824a07\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\319e0a420c25e8d70e9a248bb242b47b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4efe10a35c569573832746877cddbd47\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334622575490278.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT791.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\319e0a420c25e8d70e9a248bb242b47b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A6A498D59B654726B3E5012357C2A3E4.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 963FFB3929C440f6BBBB9ABE3DA75BDD.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16F45FEBC6FE4bd78311E68C2C29CE20.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334622282009131.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4EA7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\cd6d804a-5eac-4198-8581-fa1bfab8081b\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\4E0A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\4cc4a8f1-c962-4e7b-85c9-9f1b614de269\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5d115ede999378282940b9b18e9c3fd9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\381F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3792.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3752.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3751.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\36E3.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\69ca86f7fad80701f9ba01f55eac0861\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\4cc4a8f1-c962-4e7b-85c9-9f1b614de269\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\4cc4a8f1-c962-4e7b-85c9-9f1b614de269\index-dir\temp-index",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1268_0772_notdimmed.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c510e07908d4166d7af3a88b11194e34\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c510e07908d4166d7af3a88b11194e34\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2d1c6513c4d4a82f68e0d50a705cf78b\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 492F3A1AB8DB4711B299A70D6D1A510F.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D0B0DCF48F742cc908366F4BF7BF994.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1C5A77A47A3491a86F1D4DB906D021A.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1488988570.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1488988570.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334621562866442.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334621537760824.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\190eda72.msp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFD6.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFB5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFA3.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\logsession.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF92.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\adoberfp.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF71.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF5F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF4D.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Eula.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF3C.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEBD.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEAB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE99.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE78.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE67.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFD8A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFD69.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFD09.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCD8.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCC6.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCA5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFAFD.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFA4F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFA3E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFA1C.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFA0B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF9CA.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\rt3d.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF98A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF969.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF918.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF8E8.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\3difr.x3d",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF8A7.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF886.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF865.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Spelling.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF853.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF832.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF820.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF7FF.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF79F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF77E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT4F4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF71E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\sqlite.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF6FD.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF6DC.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF68B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF62C.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF60A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF5F9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF55B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF549.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF528.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF3ED.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF3DC.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF39B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF118.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE8.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AXSLE.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFC6.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFB5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF93.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF82.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF70.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF4F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PF1E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFFFD.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFED2.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFE91.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFE70.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\DirectInk.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DirectInk.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFC5B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFC3B.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFC2A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFBEB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFBEA.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFBC9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFBB9.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFBA8.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB97.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB87.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB76.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB66.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB55.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB44.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB43.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB13.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB12.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFB02.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFAF1.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFAC1.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFAB1.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFAA0.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA8F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA8E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA7E.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA6D.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA5D.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA1D.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTFA0C.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF9FC.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF9FB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF9EA.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF9AB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF9AA.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF989.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF988.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF978.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF967.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF957.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF956.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF935.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF925.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF8F5.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF8F4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF8C4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF8A4.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF893.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF882.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF872.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF852.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF841.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF840.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF820.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF80F.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7FE.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7FD.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7ED.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7EC.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeLinguistic.dll",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7DB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7CB.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF7BA.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF79A.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTF789.tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C6D572243CFA40b89D22D54A4F1680DB.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D90ADE9B50004508BEAE431C4E313F09.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F606E29A2F74f67B7F99828E73167FC.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1488988505.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1488988505.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1488988504.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1488988503.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1488988502.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131334621015959205.txt.~tmp",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 823EE304251E4267962F1E6C86E83760.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7DD5E67446E4c66A8377E3E95256BDA.ppd",2
"2017-03-08T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57D1E57BD2934b0cB3A6F2678EE64F3F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8806A7F1D2534ed8B72171D7D17C7671.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 88CD153663BA46fb8E5AC4E82F270083.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74FFF97BDA0543e8AB6079FC9C81486D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABA74AFDD41C49f5A346323A2F95DEBF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 93956EB25C1D4e38B17F959990DE771E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C9EADF227C54591B4036D8D6A10C456.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F46C49428AA41faA502D9C1A063C1D0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 93ACD4F7E4264ee1B7B616836E8CAC85.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9D61F5A6ACBE411aB4C4E8FA3AF4CFF6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0E8608C1E4C2454b9BE98CBF98C0CF0C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C29B0FC0CBEF48cbA03E5E21F14D5A93.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C08097D1AA8B4c9fA07D6DCCB711EAE6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BA1A3310C34041c080FD534C8CA9823F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 844731665D41454a8D2AF265B8FE3C6B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A2FAAEE23D64ca7B1700A9F0C9DB063.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6EAD8DCB338F4360B53E58E615126E04.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD2C365A74CA467a9F7C118FABA76959.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A7DF6233E5C043428FA43226DEE21DB7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 526FE69CFAF74d32AC9BB76733F98D84.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 188660D437B24474A3EE20D74C6C0210.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6621A0C618A14379935A962A3EDDE259.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F999F240D454c5e9A00271F49AC370A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AC1FF37E642F42dfA8CFCD5A489F6038.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB5FE04168D54469A134459D9071F1C2.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD444B25F1914481A41B7F049758C0F3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 804872C5273C48b1925B5C8FEB61FA34.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F0B6E338C5848508B0CD47C9604A741.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D5E1E0797A634fc3AA66F36AB2FF17A3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9DBFC2D5B19443ccB5FB85C0DBCF7034.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2944CE19345B44cf8C543C7F9945231F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A577C8ACD8C43eeA52B1A3B1CCD6DD3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 284E14C49A9B41a38819E821F45B22C3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 415EC2A8878944a8B31FED0A6114EBD6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4BAF2EF4B984da5BAA0AAB36EB24301.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA7FF032AA7E4ccd9348BE2B90E3301E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B22F9B78C15C4a03AB0FE1FA5F377C5B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EECDF2CEE246470c8C819540F06B1540.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DFEF6E0F79D346a9A3C7315EC0D27317.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 692E0B9D30C14db2849AB2392A610BA7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DCE4B79E493B43a2BE7D3A773FF340BE.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3C805F634A994a8dB2EF9EAF90E634F5.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 84682B2750D744a79B7B718DACDDB34A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8677651CE388454bA45A7DCB04723ACF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ACAF549FD9E546118780E20A4B1D8696.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7CF95E9288F646ceB31E138E076DFA27.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4A8854068FD44708E841350E47F320A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4BEE53C46B6141508FBBABEA6B609BEC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B28F1BC7E1E64a269BB18A008BBED524.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D2E210D50554f8aA8E079106C9F2B23.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 10A1CF8CB24146bf9F7DFB521B216080.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DEEC4AFECA2741aeB6147F25ED2E1DFC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5DCEA689525448f090666D6CFCB50AE9.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F6F98F5226FA49e49992CE63541EA575.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 739CB19A2CD44f0f99E1A571CA7A3B83.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B4170ACD302440b8B3F219A796C51DA0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F176F08470A24bbdA4C6815AE01BF90E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAFC9B011E264c41B4D545A23DFEB5A0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8EDBED3C73BC45ce885614E4DC13042F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 681524F2DC524ccaBEA8AEDB99EFAA7E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4C6053D3ED9C4fe494E829226C820065.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B86100C95C9941b5A6DC5D38DF6F5533.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 21DF03BBC0574e1c859358AB88B0B45F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D3C87E1A5024357B9B74AE481CD2173.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 094F43B3E2614c0b95C14163E72FC6AA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2905211A6E7E47698A0602AEB36A95AA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8C2FEF4C4CB4ea8B90CC3FA368F0DC6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D24DB88413E84ffeB6812A9D1B47EDC1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B199AFDC87A64fd3BC821505DABE7CC0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB5A2EC97B30408587E89FF292ABC423.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD394F6EF1224b62AF4B28092D62B07F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4F10125F4F414e6c84518FAFD21782EC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D5262A7F972845b99E5A2DA4EC05F4E7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32C0ED2E9D1A447b9AFF89ECF3CE3857.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 834E8E7C607E4a0b9B19F38B529D0FB2.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 23898F92A3DA44cdA7519BF26FCF4120.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF8A845C8B4145088779A2E04189FE18.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5535A4AA104D4e8e8FDD3ED6BAB4B587.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F9751C28E484538A6F24317788EF268.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED8A26A02EA94650B02EC156FB4C8557.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D1D2FFC77464bf1803CF5B781B6BEC1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2BEC410EB10D4181998B0ABB58D3AAE0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0627A310F136427b9042AA2164A0EA66.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EFACD69134484899B5031351D74B35CA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 39F2239F48A649d6B0107AA64B765248.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1930F4B1BBCD47afAE864B69E9065C09.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0A6195405C2A4fbb8F88655EEF7A0017.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0B8A899ACD84d2488E4AFEA64024CAF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DFDA603B03C74084872A23AE53BFC3D9.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C7D5D02AF3604ecbA968D244AD4EC52E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 99008D275F5B455387F86C556C85A76D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F19206FC65364aceA0EAA17BA581624C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F73044618B05431b92FC526004B55582.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FEE04A00428A45bf90224CAB055CD31B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAF19ED276EB4cd39A63031B3AAE4E7B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BFC93AD47C1A450e96D13D1DCC47407B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D47AEE2884F94810AE61B1921861F8B6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F013CD123CC84f0d865DBF91168EBA3E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5AA68D3D2AFC44a8A907772303B87D71.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 55A7BC3E162C4ea59477F6A3D965E885.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 06979AA89F5D4518B4458355A64425A3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A821AB00973746ff881FF3EC8C218283.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1ABE5848DE754a0897B00E8578428D4F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3AAE789616C04d29B249C3E20B231F8B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4AD0E15661D144daBE70188A5693DC84.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48DC25A739F94de1902106D6B1DF514F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1508C21B452473bBCC2656FE5B692B4.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BA937470764446b2BF54526D43281C0E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5570062F6A384009A6415C2CF5C07183.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71D716FEA0104a1eA45C64DC1E7A1138.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5593AC4E86714f458F64F2CBBE6ADB81.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A8C65D07E5AF46c5B7002872622E9988.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 015BE9D7EE3449adBC9B49F8404CF813.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A6B0DCC907124f5a9C085024B2B248CC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C8C62380EE8C4292B106C7B73D548A25.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 158BF0919D7440478011E4A3990ED725.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3237E1D340E941c1ACED28749A9860B4.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 355EEB03E7444bf49F4CC931745B6755.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0B3EFBEB9244cbeB12E337FC8DD8BA6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7CC9BBD65C404323A3A637331223DB13.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9A6E61B9B1E0487bB41ACDE82463A551.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT5264.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9C17B7AE24045049573AA6BF40BCE48.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 020E87B0D8454b9592C6D6C621C66D28.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 419762FE8DBF46f181432E1BE94E707E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B78E0BFFF0664688B7652D89BC9EB664.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DCB4789D8D224ff8BD42B802BE584501.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6358CF428ACC4f74B5AF575EEDFA3CAF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9713C704B714292BF6CA684D0D71D61.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1C612CCD51E34b809BAFCB02BE012392.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4394301A845946ccB1FC2EF9ECDFA6F9.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD6A1F6947234817ABFC340BE3F8D330.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3E3963F90A454363A8B279F0DD9D55ED.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8FE58E7523441f093D16F9444DB1D78.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FDC8C9F819394f278970DCA44FA971E1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9AB166C5535349ff88084CAD2BE58F6C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0DA7E73B8D64482d8A6C9C1CCF35E043.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1488923455.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1488923454.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33DB513CD8CD4effBD84725165097E30.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 344120B8911D42c484CDF19973FC36DB.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B6D80B7EF57D435fB1CEF746EB9609A8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 946565AFDFAE40a5938874C5B090535F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 49742990181849c2B4F02360C61A1DA0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 351243C613BB48fcA5C097F56EF6410D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 81486757085C43799231E0FF99F71454.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 14AD845AA6D74897ACB2B63F4C620802.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9598B9276717409393CF43D0F04E5EFC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF1159859656410389F25848B32A8DF8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0C77CCA596F4dc4844C39974F6A23C1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33DE18BADB4A4cbaAF2ABDE857C44E9F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 412AE001EEB8457b8E5764866B58F2C2.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB3979995F3F4604A05EBFC26406FC06.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 08A411903890486dAEBECA37FCB4FDC7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 614D63CF7C2B4d0288C490DFC00FFA68.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BCF3EDC2590342cf809E86762F9F1761.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\b822319.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B8D4BCB418D84817B1017470BD7AEF5C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3F6F.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3F6D.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3F4C.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3DE3.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3DE1.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl64.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3DCF.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3DBE.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3DAC.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3D3D.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wcchromenativemessaginghost",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\manifest.json",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\b8222f9.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\b8222f7.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20056\BIT270F.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\BIT726F.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF0E4FADD30D4cb893DFFE1A7C09B60A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 275A572B41C541f79068B0738DAE4D2E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB167EEC7E694d48B8AAF2C479C256BE.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20056\BITE223.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F049E33D9F94b3b842FA5C203AEC17B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1268_0772_notdimmed.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 79E406537AD54ae5A5DDC953751A1D52.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1A0600C5C02F4d558BC1F9A94791456C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT5F1C.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170307214453.cab",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6C7C0AC822EC4275ABDC34EAD16E096E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7B76697ADE9B44d181725E1D0C68A641.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B91F0B2941A4470d806D16B4C14F37FB.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F53D77EDB3445aaB6C3A9C99388D1D2.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A14A4244407E433888C05B4DFFEE3472.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B0B60EE3611C4d6eB71EA34BFEBE99CF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9687202091074b17A0D21CA5C7A9B385.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F6C6594C974439eA7F150979B48D963.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D602AA8E8C8347d39D945440DE06CF75.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B173FE78C8D4e669E71A2FD1BBA601D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69DE2E495AEC4ab188C8BB142D2AFC4E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D064F78AC91942faB76944F04B43E403.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FAC4EBB9C6334f6396320CD4A9BD6F4A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9E93ED73F244f55B4ECB93839E78A7C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 93BC9AA013634cfc979CDF4A3F360C39.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3594BEA76A634204873F2B8793D0BE6C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 61B28BA607C24b64A454232E116A2AC5.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 83B53C97DF3E4984B8694F0E634A8619.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D2F1D8470D294310B70184ED8DD76704.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7B5F5C7532AB4c388FDC3B4E0185B733.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 082161C7016248a79C7545DA6CD49127.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AFAA52A9EB2243588C2F54B418775B18.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1F8CDE71E794690BEF9A38D0C9B6D86.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 430C97C384334c8d82A47AB295312A94.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C86EE905CB84d7a8480D9E0678467EE.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04CE2CD67E934d6eAC674856D4EEA383.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 25EBEBFFFD9C44ecA8C61E6B021F4DE2.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 213AD68CF2504fbbB1E10CCA8A33396F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36FF6ECE1EFE46a1A0E4B23A0A6B3740.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8FD14BEFBA734a3888D344755A0E34EA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E22B2719A54C44c288718210D254E05D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1708AFC7B88647f2AFA5400984382DB9.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F03DE355D9BE4914ACEB94E323416CDD.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4D60C77E0A854d1dA37E5B5CD1735D74.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6898FE713C42434eAA05427F1D234F32.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F396DC5230C4ec0BF87DDC2003EF9CF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73EFECF234DF469bAC2373D68AAA83FC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5404688970CB433a99F6A915E74E750E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A02053DA83DD4593954FFD74F9E5AB6F.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3FB9A51087A34ee89D824BA1B3B297C0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4ED6C01C2C754203A4788ACC0B83B0BF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 63295072E62F4bb9BEB7AE291288250D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69FC7B0F907B4afdAE7CADA8235EAC87.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 965BB76CEFBF460eB980A83C680D8F16.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9343379F55694882B8FD322B3B08BA45.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E1128CBE593A477eBE080DC353E9E097.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD9BF2A1856B422290E69A6CB963C848.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B99EBFD7C93546bd9FF8AA83B609B509.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 60935C7EA5C247bfAFFE31A0D9EDCB35.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D59575467364c1fB590B641D8F5D8A1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3CC04CDC0678409f8C7F8DB8F138B00C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F7824D411C74c2b8954125F987AFCD5.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2788213DFDC94b2aBADD321B8854FC0B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E442A3E9AE844775BC709D43C48CE9EC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E2B7239C6D134e0c90AAAD636C597E33.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16524CABAD824251A26E1C4B2B00C228.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F466625D9E6446418647EF2914E6915B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1CDB4F7BB8E94c6aA09AE9A992EF6661.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0D4266CF4E31476aA1B8F38E275F6187.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3B0C75F2101245ce83FAB10C6304F83C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BBADBF46A4D64b7a8443B77B3F5DDD71.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2F86BDF443234f2a8C682F1C2B3A637D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0DFF8DAFFCAF44bbAE4BD5E967B09F9E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1C7682F533D45b8A7238FD89D7B05C9.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA6320178E664d8a910E228B3657E006.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C70C77B512C149f5BBE5794E25C2CABF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C2B0BB2723114b929D5D69F94C52A3D8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8922ADCE745C418eBD9AC5C4AF0F250C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BA52DB88A7364b5cA01F14C4E3599D6E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B0399F644474243879F15CDD2E3E681.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D16A7BE954048dd9E6B5DB96E9A746E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 674DE2694974402dA3181AA8F5F5A2EA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A89313770BF9431a96D7691D92A65C08.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A7FA94287AEE4eadB76BECE52C8A4A4A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E35B8552F9424a5fBFB4E9CF14FA1FA1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 232D94DE0DC94781A0270B9273B3B674.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A82C75D763464498A9DC46A772BE7ED5.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5095CD038764d0292BC16837A026C31.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6CD3ADDAB6F748308FDC751FFF1C05C8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F97E25AD8F347878E52236C76ED818E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A64212B258744c61922D634E21B2FEA6.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7FAF5FAA75E54b5989CC3C30D9FC127C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA0868A966104817A4E57EDCB7B7FADB.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2AF738FE602A45e996E8484CF496D79B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F6E05E2FCE74e65A978CD23E5682D7B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B0D562E40F3F46b7A93CAFD8D86AC0B3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9CACAF14617B4f7b9E473312AC8FDF95.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 82E3614E27E944d6B05A23323A6A6589.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BEB7F571082B433fAEF300FE87514BE5.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 966B6C23A7BB4a4fAF59385DA5F3932A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57B1C7A9974F4022B983A166B87C2ABB.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FEB3E6C544F64c26AFB32E2B1B690C3D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33B2106A2C3A4c1d894F056430FD4954.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58DC9F4248AA4a02A921F142BF54FD47.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EAFE334ECC7E4d32B943174B937D2267.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E08EC5D188B04e19B6EE503F4C487785.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1372827AA44F49008E9ABC91B4DCC7E8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 51F5D3F789C84db287B50E205FCD3E2A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EF8EE9BC390943728BCEB1F4DBDF8B01.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 34CADFEBD9DB44e495861F75584A0BC1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC50E46B75FC4d6e8F5A7DA2BD327FDD.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BE1CA8494C5542cd9113E98D8F1E9591.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B09BDEE121F48408A564B316D2A38E7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9E286FE8C4F4b34B907685C0366F9A0.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87D16C630BFA49bdAA8131EE1F1DE423.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5D76CEBA18F946f0B3FB9ECC4A4678B8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 20A6E10CE9CB49b98E7FD3C9A12D765C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C237FFBFAFB4e3a8CC899053DDBB4A7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02B827C2AAC14bcf899D5D21C3249EAA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9E244455458B400cB9E44B3D171BC1D7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20170307205203.cab",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50D2A3F9E77240088437409F358E233E.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 301A16894CCC4e5fB4B8D4281138CD3D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CABC08FA880C4f388D5356FE7E7C0345.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C48327457680406c93A249C06C8F2012.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D173C58AC31944f394442716E564530C.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2190C3A3BB72438d86B9A424CCC6E51D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 862B9C00DE0F44a29AF560DA8747D1E7.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F0759787CD964806BA994264116C02A5.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE3914EA1F3A442986666BF73DCD9113.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9AC69807EEBF4ad7B45D13674DD990F8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA4CCEC7A7BA4cebB33A4A5641D66D17.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 260783D2942C43008C776D6FC523CB94.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7622162B7C9C47be95BFB375512D0FDB.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4340A60FCB04d5287FD0B90690DAFF2.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 073E1E2380F14769AC8926D1DCCBE1CE.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4D0C47938EAE4a868497B17E21002FFE.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9792BD4071434fce8AF009C64385E8D8.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73678BCB1D1D4d6e8671443711E15622.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fb2927a75a6456c447c87ec72b94ec49\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fe534a6906e95f39825c4358b0927a57\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\467fe0b69144edda23c5a80a88b6961b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6496C00F537F48d2A19E7915D21708ED.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9473fdc08059fae48ceb0856c3bed321\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E10EB5CC90434456BC949730E3226B07.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4979596ffb27819db336f7e6fc8462a\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9F0D2BB01184c039AAD2E5B0D318BEF.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\37726894fa47e65908e04a8430827a61\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0309f229ab4623c252b04315bd6965d4\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1FE4CE6282A4f609DFF9A47973FF24A.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4FEEFD8BD3FA48818ED012E8CE6B94A1.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC47C1C647FF4e199AB0B2553C0579FC.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131333935912045827.txt.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\61cea7cd.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFD0A4.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFD092.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFD061.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCE9A.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCE89.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCE77.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFCDBA.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wcchromenativemessaginghost",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\manifest.json",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\61cea7b2.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\37726894fa47e65908e04a8430827a61\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\61cea7b0.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0309f229ab4623c252b04315bd6965d4\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A906A02C9E8E47ed8A0CBE65835D9373.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6797217ada3c52d78357027715d843c5\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20056\BIT1A08.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7CC51B539AA453eB7C5DD8BE47D8206.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B04A6B038B494f74948AA533EC5160A3.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131333935492872519.txt.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae131ba44157e82d388e1b79747c3145\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e657fc4e6179a9acfbfafad19f7009b\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4efe10a35c569573832746877cddbd47\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.023.20056\BITF77.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITEA88.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131333935194686578.txt.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 80AEB9527A38468fB6DCDDFCD65DEF14.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 709E195BD2494754AE12553C6E5D2D89.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2F86E22DE01C426d974828F34795B723.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 22A6767116C141dc959F185CD5425918.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C6E9717583E2446aABE96BD05221354B.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5041EBB1D11D44caBC766A7163D71B0D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131333934321786104.txt.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1488919831.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1488919831.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7CDCA6D2C6384df78A015451EE1CC2C9.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 781350787EE746e48BC8B0A4EB3F2287.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0917ECEC36774176811C3B8E750CAE51.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1488919820.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1488919813.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 723374F22951426d9F10264114A56B5D.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2580_1566_notdimmed.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B068F1F93A841ddA06D809F92523A63.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21B383A0987F4a22A15F721B5A8F56DA.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\imprbeacons.dat.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1268_0772_notdimmed.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16041B3681F44f37A14C666932456110.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27115EB243854d98AE7BC3EE49C21280.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F219846F9B9E4cb5946F977F6F268427.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\chrome_BITS_7132_25087\BIT4C8B.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9285.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\9207.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT6CF5.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131333933572368895.txt.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C2A7E2FFBB741a492253C3EFBB751CD.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\741D.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7370.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB2A4E76EA5C4f0c81A2B8BC3FE7ED26.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BIT2FEA.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E523D4A85F04d59A90E3ED593B96F94.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\577B.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\575B.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\896Y2Q5AFVZHIJKCGB0A.temp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2FBA.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\190ed995.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\190ed993.msp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BITC4B.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 62287DFB8EE74d0483A699A156958B97.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 42906B4B185F4173B689261D147A8809.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B7290F48EE741ea8C3F9C76C4A382B4.ppd",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BITE8B4.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\190ed992.msi",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\190ed98a.msi",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BIT910D.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT92E2.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\73847f756a2e204eb06351e535f9392e\BIT2D38.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\94b550ff66cbf670ef097312b6c3e3c2\BITDB48.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1268_0772_notdimmed.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\baa1bd86-ab74-42b2-a65e-66a89a9870b9\mpengine.dll._p",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\baa1bd86-ab74-42b2-a65e-66a89a9870b9\mpasbase.vdm._p",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\baa1bd86-ab74-42b2-a65e-66a89a9870b9\mpasdlta.vdm",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\baa1bd86-ab74-42b2-a65e-66a89a9870b9\MPSigStub.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITB949.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\255069d645e0ccfae647bf0b345392e7\BITDB28.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131333926191702802.txt.~tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\73847f756a2e204eb06351e535f9392e\BITDAC9.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITB939.tmp",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-03-07T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 573D0B5C359040d4AB794475CDFD07DB.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCA51F020F544736810299AEEEA295AD.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11EDD2B46E924aa89C6C687592C7A3A4.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LSXA6O5X1AQ03VAUHEUE.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HK1FRVOIG2Z6RJZAV6PC.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 171ECBFD643845f4BF630F51B1A1331B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4945F8B958C34421BBC1A43DAEB61F80.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 08DFC33A338B424492F5A53C860885B3.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0AXISCAT6GAYGXTBEHR0.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B21F476181A448deB8E61CB1BA5C96AC.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 819D1E233D64416b82EED09A048852D5.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76B303CCDEE94987A3410BDAB63DD5B2.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KDJ8QZ7CWA4PYC31NF56.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WVDQOX9V6CTREV7NVCZL.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D307BD816E74bc993F469E047B6EFFD.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8AD1EAE89554407B137E066857C752F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC86340BA6B740968B30D5F8AD1AD61F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TKI70LM57KLGV2R98VLT.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CB6A229AD5E4457883BC91425279525.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BD2469971744fe9836FBAA5E1998BBD.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1485998229B849959490F48A770227B1.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5FL8AQON0EIT5BAB2UZV.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0XUQT5H4AICV9HPM90ZJ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8035C3A20084981B78CA5EDB2FFD4CA.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD8B699ACF084a689BA3E83D3DEC85E2.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F1CC619CCE9043689DCD87200774BDEF.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\A108.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OG8HPTHU5ZGD6PEL4R1M.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 235734F2784E499c867FC7E26D5BE60D.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04AE6639867E42c0936DF7C07229AC60.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFC94AB0C1DC4a3cBB3BEE61B8EAE24F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MP24BP2X3TAVQU93OJ8C.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KDW9R0KDKE7W5LS25JGS.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C1E669B8A6740c7B91ECAD30372FE2D.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CC7AE0794DB4d7292CC8A8846BB9E40.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E08927119FE4ddf987370EEB2A85AAB.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y7K4CQBRXMGKQOXV9E1N.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84A407E9FBE747de8C8BE5216898EB94.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EBDFF7F6648E4c9e85F8AE8D0317D0BF.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B7F2FC6CB8BC427286F6744D76B3424B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LDXT7KBC0ADPTVX29V4L.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I6ORWQ85SFWZQCGSTFDF.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCC2AC057315478888FA2A8DC832026A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C1520286B55418aA60E9126B6120B0C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E6B22302779458099DA0ACCDD3470EC.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KKFJGTXFH53XQEC7B6E7.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7417A6A5BC1F4bd6979B6D476F322A50.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB84EC6EBB0A4d6a9F3AAEADADB1D171.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3FB669FE004402bAF5AD90CF4D8AE54.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\21K4GMFGQ0JVEM6F7327.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\N1EO5PDWHEYW3AM9BWXQ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91815D1CF9234a97843F919664B2CB8F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25C87CD139994572BB97D44BA34EFFA1.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2474F590399E4592A81034E12D8F71AE.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YG7AL6C1QSQUG7K15G1K.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\D0D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0398A19723DC494aBCAF6FD47175927C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7B5CF7AE1DB418aB42BAB7CCEB0D3F0.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB032096626342318AE14201E90E4368.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UNJ9JOKSHTRI115VUJXM.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z5GOF10YZSE8OLZS42G9.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D039F568099349a99D269F41F95DB843.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B8475F934314854A0562C744EDD0290.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C331B35B69A54fe39EE45E5B318E353F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S927AZT69HGB1P64ZFA6.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E9EBA986CCE468f929FBD984C35D84F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6DB517FA30B47fb98CCE90A6D8D5735.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA760AD77EE74c2a92F772A3D7147940.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\372GCGCLSXHYUGKNR1HE.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EYV1159FKLTMKWO6J88Q.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 83B000B43A964907A83E9DA37E7F6B20.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6826379B61964f95B88229B208214AA3.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D71E2E7CE9E4a18AFFE0F80E7ACED7F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131317752096970949.txt.~tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WLIZB8RX2DZW7W7H98HQ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E0A715D0AD1461494AA626B0CBE64F6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B49C16B024E45b59CF8369B8D6DF332.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24925D8B8F7B4c0b8BDA03A6C7948DB5.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\21PVD8H0VU6Z5AWEJJ7A.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UT9QQNSH0QQ9AK1RY3M3.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CA0FCCBBCE74501BA32895953B81E5E.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1413E1A6EB7141b5B20287DE9C3E4E93.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 46633E644FD34c14AEA46BF4F9D1B385.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2HE19TND5MMLHO7AS01E.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16E13638D00C4d64B143BC17F42FFC97.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ADFA61FF3B284690875B344791F943AB.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2982BC1D24B4989AD8EAF981655A73B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MP1HAMVILJ3LIY1SDSY4.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\7913.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WQ6OERP9U0D4RCCZ3RKH.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55627B02AC3848ed80585686DCA8CD6A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E1B524A548B141f2B0E5C35B55A4C574.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 083FA05C435748cd98A6408F4DD6BC8F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8N86VMJ84JHIVC8T8BHE.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD9D71D6098F46b99B8BC3895E4D6886.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 389FAA5C47C7425480826ACB01134317.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\A52WWGEYAN9XZYAIZ4MF.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60DCEFD04BC947b29D32717112048DCD.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YWZV0UCNI3AASOC9WPLD.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A9077F18BA945d9BD4E82F8014FBD6F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B793A0D105D46afBA5120C353B801B7.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C07F24ABBC8D4a8795274F9A33A2F110.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AT5XXXDUY8R50CWSJG2K.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 709560020B294797BAF37BF37ED2A8E6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F1EEC9A884E84a06B8B4B01EEE6C1AC6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RQZCUJKCRLXMNFQ7WT8E.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 573AE4669EBB40ecB1BD6E023874B7C9.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K946OGTWR06WKSDMN075.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C821D9557BD34a98B7E87767C887165F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A09FAFE29F1429aA133005D65931A9A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B57C6AB4029C421eAF3ADBCD78767545.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BU9SIY3O19REGSGM90Z0.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9CFDE82CF4A54d26AB1E9D29D2AAD036.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34346D0A173443cb9D62C088D393696A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GSSJ56ALN2CVXUBB4ZP7.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B0CE21AC0DE4c1597FB9A5432D9FBDA.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JX4ZB9T20LEXD0ZQZ35R.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\E518.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA365505E4F1468f835DB5F3DFC0C9E6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9940DE587500495782EA31C8F400FD98.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73AFDB6D695A490aB8BE1D2C2C7DDC0C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ALQYF7VP6ZC9GCE5Z2V9.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91171F2B8ABC41c9925852CB5C82632F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\78DWMT3UNEI6VX95Z3A2.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53ECF0823AB248da8F58F81DADB8133A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 133BFFBF37294b5dA6B9B15A865E0B50.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RRVY0RGOPVOF0DXLQVZE.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA3BBB6C87F24e9bB3A8D9C94119CA1F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 957EE0C83F8641c7BFA76090B5CE4FC3.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2193AE6566D4e459462837816C35CFD.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3H4O0GGZWR5LWAIY0SPK.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E44AA57B9D1453d86C9207B53B0EF25.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZMKY4PUBJ3BUS88N3WGZ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47DEFEF72A214c8389FC07CF35E71B92.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CF85216D95D424bB3515E78EBCD7CA8.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CK5KH4B7LNR15L2NIT6P.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DEFD27387414bb8910C0646BDCCC6DE.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8FD796A8D3D0409aAF9E761C4A5F409B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE16C52457E444c585852A6DA456F7C6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4HEFI9GMRRVP073Q8BGK.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E90A8B034E4F4a12B995F96964EEEC76.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LJG9HRSCDNMV7ICPIB92.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44D5828D33F547bd8302F24FD8516235.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D01D2393E5240bb90DCE670888B2F98.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\5dc21510.jpg",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WBUB970ITZ181ZAYDCKJ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B73B0D6D8B07482186528C4F39E96F30.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F9D8768290444829231E527D9921B19.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B72C32457943425d85326FE4D6C6B95E.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FS7DCS7R6QO12N2T8AT1.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\511D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26674990AEB441628BE5A51900E0A092.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K81DIWQ5CIHUX6V4S5YX.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B94A08D05B5D4d0394D54A483BE511A7.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 968517E14A574f0cABA5ACA7A8EABF8A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XM9KA3L4FVPYN3WZAB8X.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87B92911D7854cce9315C9BA49272D31.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE63808257FC4a2383C158F96C37791D.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4203D476793C4e38B9FEB05E76C64062.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JL87XE20S4GK672ZPO2X.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\C64SQJSFBFKJXC8MFWCS.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 871AC25807074c0888B0824A2B207F06.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 187F3DF54BB84621BFFB0FD34338DE2D.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C240C42FDF3484696F4D2A3FA39E48E.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V59FN3JQW2ZOF305GBDJ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F225C096E0D443c7BD54731DE096E7E0.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A69C80C30714d34A6694671D3C47815.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D001EDE071647b0A8EAC53C132AFB18.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BBO7MZ8GYPUIODA907CH.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GTMMLEQY1RYQFKL3BWF2.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B9690699EDED463f858F83BB1D54A602.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B11C9EBE46CC4691AE689D70B8C31A0B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1FC81CDD11F04be7AC96F307EFB4F6AF.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\99WZIYJH93L6TBZEWR5K.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF2EA036E62C448388EB8BF37F5CF000.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D8E08D7848EB4c36B0B095140C081C24.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC9C5021A25E4178B9A502DF2DC680ED.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\H9Y7H16ENFI0BM87JJYJ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2SPD4AYJ43NJIS45WX0P.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E22BE1116C624132A6A6D491EF04AE8A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D62094AD23F4f498CAD331E4E1D214C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECD7B755FCE040b283AD4B72035A0328.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\BD23.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QTMKYTDXT3I14MJFP67I.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E28FD3235CC7499bBE51E29DA286A63B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D1F5D8968FB4ca593CEDF12652E50B6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7CD496F370644f9A15499B32C760B20.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RWRDAQESFJ0M3VH07KUA.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\51UDDVZ1ZXIY5MV2604Y.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F26E299DF844c4dBC2C3AF3FFD4509F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 440E3B241A434b86B1CD7ADEE4FA17BB.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A7947E8903242d1A8846F10260ED34C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YZ8YLPRBHAYBQ9ES2NMN.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5AA71F83568F4cdf9A94EA55705D6E60.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35F90F2369564da997E26199179B960F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 599CCD20C5A643f892E32057912A0122.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OJMZNIGCF6SXOEQ0CYKH.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16YQLGK1YOE2SJZ2WLDF.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C6B644BDD924070B2E6DFCF5281C5EF.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC2F4EC080E74d1bA96C49588260A0CE.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4853DBCF26274815922A9A26FD3A6C3C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\B402.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3MTMGDI8XTFEP9L9TS1H.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29FF1931A3A54a77B64355C8A6781931.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EBDA54E8A8DE406b8728DEB15C4B2790.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2FFE5D8B39B84c969CA2E4F92ACC94C9.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\59JDTLYB66MM2K6OXAYO.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GWV2JNR86MPXCWRE9SYS.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36D1478711514b8b867E09A3618691C1.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90CA62012B934e5482851BE5F73A59DB.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 326CAC08154846819618023046BC1D1E.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2MCN414YLXDY4T83ZK4P.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\2937.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF0ED9CB42FC4af4A59F44C9CB684816.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86503A31DF044abaB3D40A4F3762EE0F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF7B2EF96F174ec5ABE6C38D59AC8001.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0GNNJ1ZXBVHKRMYS93PG.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\B2DC.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FK256VZMU2SLR25J8RPU.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\chrome_BITS_7132_24501\BIT53D3.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 119BCDAD0CDC4766B8F3FF2CCF230535.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 830739F803D94cd2B52C70FA782C34E4.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C3D625B360F4c3a8A3862F4D0225E2C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1D3F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\F60F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\806EXRHLCLM260J8MF0Q.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\chrome_BITS_7132_24308\BIT8799.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131317737810820773.txt.~tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D5E976E8A18446eA7285ADFD9FAE683.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131317737706637352.txt.~tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B85CE6676125496a899A5C3255526651.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 40517EEDD17E44dfAB1E5C29570EC96A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Q0JP1T4JP7Y4TG7RYJ2J.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\7A25.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\475C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\416F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\141b57f.msp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DSWID79G6YT6KAZAVQ8D.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFC3D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFC0C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFB7D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\logsession.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFACF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\adoberfp.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFABE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFFA10.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF9B0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Eula.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF99F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF92F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF90E.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF8FC.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF88D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF82D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF750.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF6C2.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF662.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF641.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF62F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF61E.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF4A5.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF3C8.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF368.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF318.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF306.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF297.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\rt3d.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF218.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF1B8.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF139.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF0E9.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\3difr.x3d",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF0C8.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF0A7.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF085.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Spelling.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFF054.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEFC6.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEFA5.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEF54.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEF14.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEEF3.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEEC2.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\sqlite.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEEB0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEE9F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEE5E.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\CoolType.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEDA1.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFED50.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\BIB.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFED20.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AGM.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFECC0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEC22.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEBD1.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEAF5.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89FD4904CF0448c682A87F9E4E46EB5F.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEAC4.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFEA06.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE726.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\ACE.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE705.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AXSLE.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE6F3.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE6D2.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE6C0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE69F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE66E.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE65C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE63B.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE62A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE57C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE54B.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PFE539.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\DirectInk.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\DirectInk.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE3D0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE3CF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE3BE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE3AE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE3AD.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE39C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE38B.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE38A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE37A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE369.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE368.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE357.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE347.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE336.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE326.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE315.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE314.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE303.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE302.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2E2.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2E1.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2D0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2CF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2BF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2AE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE2AD.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE29D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE26D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE26C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE25B.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE25A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE249.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE248.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE238.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE237.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE236.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE225.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE224.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE214.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE213.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE202.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE201.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE1F0.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE1EF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE1CF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE1BE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE1AE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE1AD.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE19C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE19B.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE17B.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE17A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE169.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE159.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE148.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE147.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE136.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE135.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeLinguistic.dll",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE115.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE114.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE104.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE0F3.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\PTE0E2.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCBA26BA615D45058370479A997F45C6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\chrome_BITS_7132_15574\BIT41D9.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 290493E4BE2A43e3BFEBDF741702C23A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\141b4a2.msp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\141b4a0.msp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ab66cce8f42d14dc66b2efe205d292a3\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT6C7A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fb8149954d2f41f0159ab7140c0971c0\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TS5AJNZJGB86RW96MVOL.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\319e0a420c25e8d70e9a248bb242b47b\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9a2f00230dbe20b678aa1953045d9183\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1IVYOTDSK6JTVDSR4HT8.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\chrome_BITS_7132_25509\BIT5F0A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0NEC8FDWUY1EVXS5BQOI.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9714.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\863A.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131317736267447627.txt.~tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F6EBZMXGUPJLS41H3J6N.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\D353.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9a2f00230dbe20b678aa1953045d9183\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\953F.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\34c14f8b56118f8f0508f6308a018cec\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0230ecbcd29eb903e081212455fde105\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EINCPWMROWILY5GDNVZT.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90A8B6C95C8F418b8986F220D33A7B49.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18D72A77E9804403A12651C3CEB836FC.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18A4F36438F647b6ABA31AE5069B4B36.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\493a57dfc1483505839cef83361c47b9\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SZ8T31OQ935NNXNTNYVV.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\34c14f8b56118f8f0508f6308a018cec\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 406F88E1AE6042f0B5C271349B4A691B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\32bd41b85c33495891535fa4adab3328\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 194468ECA2DA44ebA3EEF8F526C3E71B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96859E664DF84cbfB26ECFE05F8A2B3C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PMG38KJ8B41FZ9IB8V8W.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0230ecbcd29eb903e081212455fde105\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5bd051f7e9b7b477c050a5eefc19443c\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WRVGEA9P7QYH9MIEJA9N.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3894BCFDA50B47648E2B5F17F164340C.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 97251E12AEC04f1b93AD412310FF573A.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5d115ede999378282940b9b18e9c3fd9\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C9849D2745346849760E5DF6051F5F6.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YKOK2LWVLPGBS9ZDBWZS.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5FFA.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT71AB.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\38D9.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3aa1f91696154f5e00180c62156cf97e\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98DAD565C0F94cd396B63192CB421520.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65CF194CC93B4b61B58A3E9FF9B3A7CE.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D861C32E4034ba8B3294261A90EB224.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\11A9.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3215a9c47e0db6c8f16353b2210a2043\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ZKDTU55DYJCTKJAMDKD.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\485812faa98f4f6289a9e60de11c841a\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\EA97.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DCAB.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\D383.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\98DA.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\95BC.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R6AV08Z5GEY8Q9KHB6BJ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\69ca86f7fad80701f9ba01f55eac0861\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD63A41ECE8E487a842324F0DA38B222.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B3D18839626B4a9f930A624F13B275AF.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D70FA0DBBA1F468e9BDC3BC5EC5FBE1B.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT2FCD.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b42afde1497f83029b92856f18f587b4\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\13c2189.msi",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\13c2181.msi",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITA2AF.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V3E1PI4XAV0P97TQB2YI.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\a3cd6825-37fb-4dce-8f58-e001534bd8eb\index-dir\temp-index",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\F0EA.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\EBF7.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7ED41526E3A4e61B5F0C0206CBDC823.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5E91B99A2C54247AF1B79A833EAA8B8.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8012BB902DC47caA23C7981FAA0F3AF.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\A72D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3e68cc9c49d4d009cb5f7910aca79814\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2d1c6513c4d4a82f68e0d50a705cf78b\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\385c082b70e39815d331574e14843b0c\BlockMap.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\9E81.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DBA1GFREKP0T05U49NB7.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT1FFE.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT39E1.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\607C.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9NAORHGMLAHXT7S4KTYZ.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\a3cd6825-37fb-4dce-8f58-e001534bd8eb\index-dir\temp-index",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\3CB6.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT35C9.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XJ54H0MLDSZ4OEICJE9O.temp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D3ED5FAA9D74859933DE8B4DC3226D1.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITAF71.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\77ff848b-458e-4bc8-85dd-820794defa79\index-dir\temp-index",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B67151EDAAD642a9A2F5EC6EE9CBA8E0.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\393.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1FB.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1CB.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1BB.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\12D.tmp",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DA31D33CDE24425B909611B2CDA0F88.ppd",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-02-17T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1920_1200_notdimmed.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4C410C40217A41ab88AE2EF86D4CE8A5.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04CD8ABED3F14060B9C8E2322FEF448E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C5068568FCBF4d4eB22AD03472F24063.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BD4901AE1A934a9cA2CA5ED19FC5CB48.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EC9FA334D9A84273BD1929321AF69ACA.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 97F7F67BF1994cddA7BDA89C607635F2.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2AE91862C4AB438a872E699BE3A8C006.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4A57E484131541ccBAC90C5E9D86A23A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A762A116DB6049e0AA7628A0AEB85A50.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F8EC198C0F246c0A20605D0139F57DA.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC8DAEAE0E3E4051AC8C14E7F837230A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C171080AB164cb48F23888F9AC4A849.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 51ACFB0B23944ba58FC7293B5D75EF02.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 11F0F1957ACF48deAFAAFE229CC8F5D2.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33D07B373D4B4612B6CEAB6847BF264C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0B76ECDC8A4F45c78F79D8DADDB2F354.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C25EE9A0345741dbA26964BA287255E5.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E785542140734b1dAB4C99D5B0BA9157.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EB3E7A4F70D445c2828BC9E92D35C11B.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9AD36159C4204b2eAD7B6DF4574F843D.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13A18C935FB64d629CAA90B9B76496C8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 40BA12AACD1249cdAA755B3A4B328F78.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C97F4A75219643aa836BC12D79CC49E7.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 991348A11CBE40c187191B3668504C2F.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D606486DD9484046A173FFBA775C686C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1EDE95A166640498FE0CD7FEADEF5F4.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BCC6E068667A484e82014F64559D502B.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2DEFE349B23E45d09D7B15ABB7A1035A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C97D25FE73514c82B9C7700D9E99926C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D9B6085F7294a7bB359C3A4A0451EA8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 15D43271A592492b8E1DE3654FF856EE.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB331456A0EC455596B609DDDBF0D012.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5615789D79964713B9B64A2E09370D87.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C960AB9889A45fe9A9814122898C61C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 88AF1258FF3140f587FCCBB088B7F8C0.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 88234E8AD96B4cb5B9D43AB107348ED7.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4118CC2DCF1F49509490852B8954EC13.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7BCB038B99A849bb98A426BC92C0560A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9205518ADBC14eba9962C519B2D3F51E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 003AFBB26F3D4b6fB9A4B70DECACE3F7.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE7EEA74920A425791E2AC205F425DBD.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EF4F585BE3E4bd2ABB86C33E7AC84F8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2BC6A080DD02421f97A44276EDC59376.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 64C36A0D006B4722A70B8A7FD26EB31D.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9DE0FE74DEFF446bA64D71D659D5E129.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AC3D689637C54323A0B6041BED708902.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0C4C4F9C8A644dfABFEBCBCB2909B12.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 20676B9917DD4412ABABD41D5F87B2C2.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F7D547DE8B364d0998A0D1D37FEA35B1.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 07F54AD9E2AC4034A446387255504B7A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4BBDE6C9EF840f682F0D1BEA47DB4DC.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28B2DFDF32204e329977DDDB89623164.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5955FBE395C14eb8BB5D9D63D84BF443.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE0EAD599AAD47e6BEC15FCDC327F423.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2C4B8C0858374897A203C7BF0597B73A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 35FAECB3BD36494aB1DE1EC345766DB7.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 775452DB3A3E4e10B8879CF58F3E7F2C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1772954A86E14705B0770CDF042EECBF.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C4ECC84D41F48e0858D83DE46BF54A9.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 349295B002024003B38E81285D9B914C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 85E733CEE4584aa680A327AB5C2726D8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDA60A6E26244b0dA92FCCD4A444F996.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9272FB8A010149f6849F07CC0D715206.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 36946EC54ACC40b1BEA2E5F278200695.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DA8922CE53704aacBB4F200161DB97DF.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 191ACB43E2074492913E4A0E62DCD166.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87A1BFE50AFA404e8C8A48049D5A694A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 38DE4C65F85D423fB19DDAC394E4576E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6BE904C8E2C54267A0D7A5F60504011A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B972C5F29B0495a94DDB11620A46779.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 570548154EAC4e74A36C6CBD631401C9.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F6043E0F7374106AEF2FF27041B250D.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18F8C93FD4B94ab89D52FB531430753C.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DFF3CD2F3CAE4c55A9298689BE0A1F15.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB24CB4594EE42e0BE9AD1541ABB6286.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74AB09D367D2471494D531A0924DA6E5.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8D89C2F1F0644135872B499FDF393E91.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C373AB0EB1754f289E46DF1E09D5DDD1.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ECA61C8DEF32413d9065AE58BB8A8DFE.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0412C746033F421aB5E9C46E6683FA43.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8E4023630F404255BECC9A0747B24AA2.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 641B4CBC6E8A4ff38B41EF51A24426A2.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F8714C737774b7bB898B2633F40722A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 727B6E5D89594cc4A5B2B60C6714B4A1.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 98552280A308451eB13A69BFEA9D59DC.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28AEEC37250B4d04B2FA7DE00CC0F6CC.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BDD08ADEA8EF4819B268C49CAC7C53E8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5E2663A715CD4d5aA0500D5DFDADCCFC.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA65A4A5C6C44eb98023F0E400ADBD36.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 189E02D40EB94bffB99B00C0CE25F7EB.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 063E9B979D3743c982367EE90175D23B.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5A0A40D2924B43bdB31487C6947DD7A3.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33B004487558419bBF3A539E2B6F3E0D.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 07D03D25105E4916883BBAD3A2DAD272.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E12F244673074b43807F6A4CB7F30897.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7DFA5A5A6DA74bb1B1178DD1AC75FC29.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 89676C2375174bcd9D6E1654174DAD2F.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9A415A56AF834f19BD07CB6FD8786183.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 70051961F6F2479cAD2C09C06A1A0009.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A2852C187984af6A5FC976B94F1F21E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 801068139751417e9BEA78679F54984B.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6ED8CF37617D49059518F700E8E85B93.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 35C4662243204bd89351D74E5D296A07.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 889616F266B142f99FA8627A3E3A46DD.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FFA6BFC8773D41bc9A77323CF4272634.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B958AD5723BD472aA30295A462E2F15F.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B925546CB89346a38894C8906EF772BC.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0A2BFEC7ADEE4e94BC7A83FC890DD157.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0BB12493669D4389B8C446294CB9DD1D.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDD8BC9AB27B42beBA5F784614A8D781.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CA6F304E57A84dd4A4C31244FC0B9031.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 76BFE3DB5BB64d5a9E5E8F31CD855F3F.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B542ECBA34E54a048E34B865D3A24B2D.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F3C1EE01ED794f94B039A477AD91FA37.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A67AB8F429734e9897C35975FBCF1044.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C27240DF91DE444f89DF719C0BAED130.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3AD5E2BFAD5E4cd7956BC4491E9E629F.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\40EE.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\40BE.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 848D6AB1216B41e1A558F4139215C896.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 92FBD8407B4F46b3BFFD185C8DE9F931.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B6AA731639F4ef9BB59842299252215.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4E69F09BDCD42228005A94D05C4EDD0.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A79C1867F3FB44ab859D7331AEB9CD95.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6149EAB03AC94edb96316AC22547EFBD.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF9C5CD7588A4c09A82C13E0B824DB64.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0D654BDCFBC248c6A31564C49C3159EF.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E2C750F8E1354620BB2EC662EBC8FB8A.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6DED518DE0C04429991BCB131E6E37C0.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 485DD3ECC82A4126A9C135CDBB97ABB9.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18CFC426FA6347d8875508682A57EFC8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C6CD.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A85A5CD17ED04975945522F9859327D7.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A06CCAA5B67E487f9AD73742743A6AE6.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B8B09ACE9F6486d94F7CF13AA238067.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\A049.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C65E31F6E0FC48bd96C601132FCFFF9E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD897E898A564db8A743C4D621083BB6.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6FD7B32422E6429d8FD90199E1F170AA.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5AA1.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\395A.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D758F8C6B96440b3B37314BBCEF76BF5.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1B0D92F1131F4974BCA1AF9AE8B1A193.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CBB9.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB8EBA12FA7C41c7B142D223BDCCEFDA.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\30EE.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ECD427FB07F149b0AACD4FAC673CB14B.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77A403FED1C0424aB71EC89A412299C1.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 33B57506F0FD4fb0BCB8881579C95E98.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\9aa52aa0-44a9-4fc3-8907-904f45dcc66b\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 72252701D535435fAB5B8B612A4F4025.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3BC682D9601A4452BD596B8DBC2FC2B5.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74435454A21A4018979E640DD85B602E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6B2F.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4170.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FA71.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D5FF.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\D266.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E705051236DB4b59947728E482F64E74.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD39638CBD3B48ec8A7CE5F1BDD98D89.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8F34C1AEFD04db3BDECA392810981C3.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B8EC.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_3576_22560\BITEC8D.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170126205619.cab",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9F9709867C747398876A1680CFA84A8.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B845C08C01B34a52900FE4F62377326E.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E73AC48242D4a53B6D18F3D147C2D74.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\4E27.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DCE674E471EB4764A5EEC4FCB4E1FF59.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D4B7CC4D9FF4536ACFE4A2B24149DB4.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E5C69C111E4846ca98A230C23310505F.ppd",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\131A.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F42.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C93.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C63.tmp",2
"2017-01-26T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B8TPS5HJD8Y7ZR1G7PJN.temp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E010DE4650CD4dec9AA8017A2E02AFD9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 570F69E4169C4db4984F70E466F97C11.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 85A6D3753CB94ac885E90DFA038EB2A9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E266F2A262EC4ef8B3DC120094C42076.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 10CB54A007C54f0580C1D7D045598999.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1833721760834107BE52A32DA5A9E0B5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1CF204E05E6E4beeAD6BF31C5AFF44BC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 736CF3A72086481c8B0F96DBE105EC19.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 43DBB378381E40fc9DC6DCAC42769822.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7293F61ACB3487c8126D992170D414A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5F1668D0ACF460c89C8A6E4BECB03FC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2257D88E94BA4829AB1ECCF8680BB221.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD04CA1C698D4038A3D7251B61E5FAB5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8EBD83BA89E6407782D85B24C429F7BE.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1504A51C47EA427985A055040F42DD1C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 14A560ED5F4D44c0B034436C8B1DA893.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C46B8E4871CA4df6859FFE273B67D2DA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 67F9A6BD2DEC45d39583780E0663A21E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E8EC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CED2BE5F1F934d11BD71D0CE6E929FD0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 16E06E54B234451cA7A34768679A77DA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D619141DDC9F4d7a9622F42B037F4C1C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B00AB54E9680476d92A929BC3DCD1DC1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 010AB23EF7474439B4167860CA258C47.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6C7C1D6E034446a0BB41F59B7C35EDCA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 41D7B79EBDBF4e4d8A388BEDEFBD58B1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8BD1F51B82424835809DC90CF48924A8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3E04E85F1C3843a393832312663D2611.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 59F79E9540B3461d98342E9488B832B7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1BC184915CA24221BD1F30E20A51EBF6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 29AF00CA232D46e79399ED4710F1DF15.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CBD3E601057D4adeAF54A1F076534F7F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8D3D60E9ABD34d0f94BAFD71D18C786A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3B16828CAFFB4af6AA3D6C719CDE4FAC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 67ED172C2986441e9CF8D211579F2130.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 82AE928EFDA3492eB4C84BBEBD14A619.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F23EF61480C486eB6873358C764D416.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E394DB420BF64c71BFE7B300F392F4E9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3717EDE76CC340d78050BDE7F5F17DEC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 38013F2AFA954f1fB7F23C25A35634CD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\54F5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3DEF8C5CFEF548d0AF2D35B76142E2DD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 743E97E7B38F4ea5BD866D78E372AA4D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 361B6935A29A4ca39BCCBD0CD39EFEB0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F137BF3E0791498d9D01938F0584104E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 01AA4DBBB0094f748ECE50CB9A3D5492.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 974EACAB9FA4435b8E6286FCDE8DE019.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50F2813BD93F49f3B49FB412142DF868.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E37A403112414f4eA8797857A5A27C16.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5C8016C7F01F4942B8BEC4A42FEE65FF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5F5C078436C4b60BA9BB07319702274.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8F9DBFB14784fb683B7E561FD3F5F08.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 96D14384E36E408c8D22838BB03106B0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E55CD399F4BB4aa4BF735F3E0CDC54D5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2DD84D963790429bB3983C892461C478.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D298AB7F026C447196B5EBF9522262B4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AEE5054D760142439CEECD59DEBA6449.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5FF9C05B2F2742ffADD15A4B336FD3E3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4A1A0D20363B43e79439F1ACB7418489.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C11E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2270C4B516104695A8ED1DB606D0C1BF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 396C76A69A11458eAE2B868959CCEC32.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0BE1E27834244e7e886E0A7B2BEE4365.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0CB22FE0A1AB4aacAFE89C0DFB55CA9E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CCC50BE9662842938E874EB04AD2F693.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A26E85F1A7B74655AD5AFE42E59E6B12.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 09F1593EB74D4ad4862E373802B83E00.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A451EB41B2774a2b90B0467EC18BBA5D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2DCAD0B397D6460a9008F0CF10FB1C89.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF2421A22C99450eAE9BB6C28D4F63CB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7DBF2741235432983106B3A4A48E0F4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B8FED41CDE864b1dA93475E2FFC3E551.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E15AA862E3024d8dB25F7105423C82B3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A54F9DDAD2064dc195A56871C2104945.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B80C19D41C84586AC3139F3495B5D44.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6AF3D6857169478c90B3015A48A845A2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48435CA0B35F4cc792CDE24D55421800.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7257F99C588C4efeB25D90E218151D39.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 79AE9735CC9C44f8A207D60464EF5A9F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3A1969B4DED04b4aA9920854104471DA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 263AAA93B8554c2cA439F7D1B3516FBA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\2D38.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 00ABD5C5B39A4fe29CB02A2002362D6F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD9C875591B4492b90345366B806DACF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DEDFAC2F3CA24fdaB241B29F050E261B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B007F2FC165D4d18BEBB6264F58EC187.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F6D79729628F45e5A44C938CDF39F8AA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4665FA8FD544380A384E712FB30FD7F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D37039FAF384ade876B9C215C391A70.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 208D00FD96C4480899AB8C2DE0065C27.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 20EFBFEA0DFC47629B1B66D98C121BE8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6723E341EADC4412BE9737B5A6521148.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CCF44DF3A7594bc5BC772FA1D2812426.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13972C7869F744b2BEC01EDDA9290CB7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48C115763BB44fac88F38C30098D6BEC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A7B2989D5D6147a884AAA6E5334D0177.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17528F2D3B8A4eb4B0607B43E1BDD1CE.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F71A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDD6F1A2234E45edA976F3A96FBB1251.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04FCB4237B2F4538BF7457278CAB9047.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4348F01D8C4C480dAD49F7903A91D109.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D682B9C75BB24f6aA8B48169CDF9DB7C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 26D079A13A284997B8A7DDA12B3F8D23.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 173067CF63CF45c19DE1294B8547F3BB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9B53.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\994F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6AEFF78CD04D417f8CF3FDAFC0D71ADA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A1EF03F57574d9e9C307A3BAB8B9CC9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8955FCD343C4fceB8B9BC3ABEDBFE36.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8F751BB45AE4840A551DAD44CB9E712.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17DEB00CF9844e3a8AEBF224495E059C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3BA7E7DA7415410fBEF2B656AF1D56CC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C37ED85CE694713BD5E21BCD95AD0C2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7919E6C0B72D4756A842E9ABBF761416.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 27188DC6E4A64658B87C4BF54D8C079E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITDECC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 96D1AAFC7AC2499bAE26F3FDBAF43183.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C8BDE2C415F4876B6C93EE7BF03328B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 19F57FDDFD664b77A563305A85DAA77D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1DCFC9B407B4efb80C1F24956F3F8DA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BF0E60A8BC7543c6B6191B7086E89611.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1DA555558B4341e28082721AF1D18267.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4CA339EAFF3F4840B7C8DD8AFC4E9CF8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 056077B903C540cfA6414D3BF4A02A59.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 21134AADF883459e84705D42227FAE9E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\559.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC7862BF6762450d869E8BCEBCA22A08.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C3DA226E3A548ba85EA24CA09F88B80.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 22716D1289BE4a9aACBFE209FA03A680.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F7E17441EC6406bB26E70867CBB5E66.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B0E3D4DE98AB470fB0E98736AC22BADE.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69527568A5CC46e780D2D081638659C4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 28E2BE11C3BD484b853EF084153D4C8A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 281AC62AF449441791679086AAECF928.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 86385AD87BA642daB4ADF260D0071574.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E9B963481CFE4ca5867BD3BB0942C9F9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2124C6F4DBB3458984622D516759F6EC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF24AFF56D694a6481389BA802453A64.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ADEFA37664AC48b19CCFCF70FCDD6FC2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F11AB78AFF84a1c8D5B05B0E005572B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 027C15D24690499bBD1CAB9E27809DF4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD2F4758A5844a5fAC6DAB209278687A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD6F5A15CD14494b92CD165F719C0BF9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CA60252DFCAD4a1f95FB3F751E7C907C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5F5A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 11AFC7F41C2A447294E0207CBF66CBB8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A00EAC46C5864e4dB70C39456F9E4BE1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 164CB6B381524f76A20BC0455F40A406.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7171.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3866.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 62F447662CA84b7693BFA6F8ADD4AA8C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1E8A82FCA694e4193E98D99E7DB02A9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 952554D37DCE44bdBD61CF5DD5B24012.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FDC6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D6B5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AF95.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8884.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 115CA0C257F546fc97720345D04E8167.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 239006563C1D448fB5EDF8BEE5F75434.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 68721AC7C70C46ec8AD08DF83EEF3387.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3A35.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\BAB9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A64AE7865B0849b687FD09F6F73841BC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EB751336119A4c78961097B9BDC63381.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 19A757F5836142d1A2449AA245F4DFE6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7EE0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2E82A7ACBA1E41af85BC5DF8D1577495.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 20336B13B7C6476589B8603F994108AE.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F922F0AEDD61491b9FC16E13A09F45BC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\906C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3F179F2581C48f8A52E977B0DD64030.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 656551DD9695400391A0FFB33991EEE9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C9E21DF2B074a8f822CCEF9B6C04577.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\CDE8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D89B560A268D4858B4F30E396CED8744.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 52AD2F505810439fADDBC674EF869B81.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DFC5DB61FDA144e6837A1FA02508CF49.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7BC2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1DD9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3GHJKBDN38RDEI6MTC7B.temp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F5BA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1899538F6E224c19860C78CE7A339D59.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E0A3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DEEE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DEED.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\DD75.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 14FE8A9AC55B4d70AC46517F173E4780.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3E44403A510A4917ABB28DD13D39A005.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET6C9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET6B8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET689.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET62A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET629.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET628.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET617.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET616.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET615.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET614.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET613.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET612.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET602.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET555.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET4D7.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SET370.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET35F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET2C2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET2C1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET2C0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET1A6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET1A5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET1A4.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET1A3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET1A2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET192.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET87.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET86.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETFFCA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFFC9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFFB9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFFB8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETFF2A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF29.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF19.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF18.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFE9A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFE89.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFE3A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFD40.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFD3F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFCA2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED96CE98F8C84f48A0E8CB3B758A6428.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\EABD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EABC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CE27.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\A7C2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0872ACE33F247058FE413B4187FF376.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D120B9B5E10E4f2cA24D06103454DCEB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C1B1BE61FE4C4ea8A8F78037210B4156.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7297C26BA3FC4bb08A7B543861CD8068.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 37D1E86AD4034ff48CD68970C02B8E8B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8218.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 39F29983AA5C41feBD17F66F9523C80D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5B07.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\33E7.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CD6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E5C6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB569D9FF45247ae89EE73585843190F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A600662EC23E4b72A89D6C480439FAE8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7B3D2EBA8CA74b1eABC78984C764E657.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BEB5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\97A4.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7094.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4983.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 25BE8CCD97C348218F7D6C82CF2484B2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D98CD0B996C6465b9F71DE978FEB3F5A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2272.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A2B6E996B1D1411aA51323BA3BE5CF9F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E7D2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C0C1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\99B1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17F7E348B0354859BB5C21B63646A37A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\72A0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 42DD805189A340fa9DD590B55C3E9963.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F8A05D7A22A4947AF6A9108DE9E2133.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4B80.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\39FC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\13E5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\12EA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F3BE1D414BEB4879A0B7E5A5CD4C6759.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9256DA9AE60C41c8BA6347DF7A33D6BF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44186F9CF1454141856667D5228BA536.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EBD9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C4C9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9DB8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7698.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F03E042A611547fbA0C74D240FFC01B7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3EF48899DA8D47da9DB2AA0D85D8E753.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 09F43CC29BAD425096274755B5E4D09B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3C07.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\14F6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E2E43AEB7D6C4a2185DE76A478AC5277.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A5745311B6624581B334095669CBB252.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5A7FCA034F724f6eB73A05D123527B28.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7AC08B621B7C406aBCA19E6CEB884089.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6D4D8955882844869F71A4A97C72C8E6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3833DAD933484320862E9656DB2C2CF4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\817D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17F33AA90FC745f88AB7AAA3FC606A69.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F11393ADCF9425aB8C0AEBB48D456CC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31675B75A8F947a394F570611E8CE873.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0794B9C5AAE64e7cBFF2F4B927B3125B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 24E6268D995D44caBF08CE5C97B1015A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1FD80EB964624b2b88376354AA533293.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B8385D7B2F64735855BEB02A84FB872.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EAFEC1EB01974ab79995A0DE221F66AD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 907AA133CFC947ebA199312868E4884C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7FD7.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D08D5709360D44f183B8D19F2DD1875C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 98E5DA3D28C447969602883FD00F4155.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 859E4E678E7C49e6B36E0DF7A3AB10BF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A10DB64264443f58ECA5FC375018EA9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 78A5B19A2E214ddc9140FE7F73A1BE26.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B734FF2D00964274B45BF5F54BD35399.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 830BC1A8413348d5862D6DB1570C50CE.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7C522089D84A4f2aA2836CA6F35E6992.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EDFB931567F64db1BA302890BDEBFB16.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 426F02C88AA449c58D3EA88F983CEA5B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 46B704C2D2194c5d8D6BC57D63CAE5CD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9068CF09EB9043cf8D85F69BC0F6CDF7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC9D4794734C4e60881B5E9885C2D9F5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18036BF00C854663B11233D12106A7D6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 43149838F65F40278ADC9E612E225030.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E0F9AA54580421fBA770EF58746822B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C49750C490144ac92897C1077C22B90.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 412A47B1B09E4030BB88C510CCE00DB5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 79CBCEC7395D470e83D0F3C13209FC50.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0855D24879DB4319A327F1517A3D803C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EDA2624903784e9aA72B46BB4083917D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\EC00.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A0C06184F26941cc807B1A20937B4257.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B898CD725904479B67087B4EF7DC812.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 816C0D5D11D042f195D9E09EC0C0DDFA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6013F947E7894828AC86E6C301AAA87D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF50F29F5FE340d0AF8487D509BB5DE8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED08DBE90B2348dd844BC8817F5D35D4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 623B9F74E3FB42b998D15173C14FF038.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D2FA4052DFB4ed88BAC1FF7EDACB97D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18C32DCEE2934d5899D794CF4788717C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6630ED18963940fe9A4BDF87E84AA845.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31181AA2AF15436091727C370CC906F7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2E0506D76DFF43a6A2B107F5B44D988C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50586B2C970244b8B66BA2FADA6084C1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E0B7C2337BDC415692E0702C312F8FD2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6FD294F58BE9403a898AC2EBC929B9DC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BDD06A5431BF44f983E01E46D668E630.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 99AB0D8129D7427591F431DB3E462841.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9452977713DA4b57AC622B64F259E767.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA9F4E763A5543419E1A7E20BE111900.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FCEB68BDF473478d944E3150E475AEEF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5819.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44C36E1328C84603B89C04937EE4EE93.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 238BAC46DA3B4bacA25B5ABD29368AC8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A9277DD838D74c7a9A42DE527C24B479.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EA973712D00E4a64A85B8FD131968077.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E686D0F7CB354ae3A8DFACC8DEA85BD7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 746CE83609DD4a41BB182910285E84DD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D6580D54A744f4b96CEF6B3F2AEE289.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EF08C8C608694bd9B90416F4EE7172E0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1494582119D2481980D2C3B7BFBB3F8E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C6574DFD3C8249d99C40B9C28E11BFD4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TV2HGOZZ85JCSSKUR9J0.temp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B8D8D084A79446a8943724B42C5BD70.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 83C6157950614d19A8BEC5832D8702DD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5D59DA0B4B6942219D3A3B093C51A235.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE9CE1199CB64249B87BD818CC05FD40.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9DE461E7CD384209B84BB4CAF66B96D3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7139B2A0CB64d33BE8EB5D33B4A4CB2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8867D074BD31491fBBA4742F47CA0F96.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B150E9BDE4D441d2BF80D8BE20397C98.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45BE6270EFE6400aBC64204CE16D3521.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C42E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DB1BEC0EFBFB4c37A448C01F42182355.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0340F283092844a182123A25E314F689.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74DD9DFBB6124be8B89FCADA972887C4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 97AF62E1E85946048DD2F9333C2BB16D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BC8E0D7B24F04954992CA124DA9B3E9B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4B5B72C1F4A749e8A57C9D637D205E09.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8B33B7F4F71E48608BC9EAAA313DC862.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3716799A997F41798E1A4D493F1CA8A4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B1D12E1A24B4889AF6A7C68FA7281A8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B429D73DCC64c9b8147EBC2339C4CA1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E296BE2160B4341B5DAB95DF9601875.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B63CB0320E464730B455A50CE53F513F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE725BF3E31B47e4A55F969E9016E18A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1188E43B21294a1092F2BE15E6F4AADD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2BE0A9BC4F044fc7B30CB7F8C294CD97.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\3057.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0FBEBEEAF7E4f71B5A6FEF6E7484581.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D4474072B72B4566B85076E1642B3748.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A466EE6563964bd0A7DFFA3066BAC5F2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 04DDFCBB6DE34a3e85D7CC67E6CF4596.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DA4CF0B028114a52A1966514E187C6A3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0FA802AF5D854376927DB2E013EDA33E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ACA5EB0B3DFD4602BBFF55C5353AC19A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5D15C20C079C4899A9B5F33C2A148A15.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 11EEE8F8EFFA4f248BB7D82EBF479DEA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 780C86AC6E5649ca878FFDC831223EFD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7565E42D0A5F44ad857996C6AA7EBC62.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 379B9B7BB489408393C91025EE3FD17A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6D65.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 721D8DCACB2448f1A20D9636F0B9CA0B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 591FE8D7269E4515AEFCBA844EAB22BD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 46FF49D9F92A488a87B90A0987319939.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CEBCDDEE3E96476e8AA85893E231C42A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9B23710CBA41422c909D122269590450.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69CEF41FD2DF422bBCCF466722861D47.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D71E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1852AED03BE74d0194691B3AE60013BA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6010F81F2931465a9969F1F03A5B6A2F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3BF7D2EEDD5A40faAB3A328840783020.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9C6E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FF810AC24F43437198D5645DA5AAF36B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9138B39691D04cc58FD2227ABAB5C783.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 21909446B1C4474eA7597E3383788474.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 867635770F974745B3FF83011E8D4D69.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD1EF99D5DF346f6B97699B36FE381C4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 94F17DDB11504edeAEDE9ACC81496668.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EEE444249EDB4e93AC1AF2A7EB59337B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 755061F309534215AF50037A8DEA4926.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3D6F7DC5F734442fB7E74E73174C1E52.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 034D66AC53B34bfb8E282D1C8507BB13.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AF4B4FA74F84427c87D8708CAC891A1C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B072376EE24743b29601B96E9BA4493A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1404599DDB5480c981E51343CD46379.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 214361B580E1482cA63FB4E0AD1A90FD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1B25088E44A426d9A7F5D5BAE10DC74.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C21120B8B83F4b25BBBFA5FA0DF234A6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A7F9579051AA4d8691B40DBA893B851F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8DED5D0F9C504c00A148253ED46DB975.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13E8489D0D50440a91A3E31F6C371B76.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\888.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD5C1B0A0F624f738BB88D743DA492F8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45E5C4F3A2E04b0aA445DFFBDF0D7C1A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA3B45AD70BA402f9455E1802F2E67DC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 267D5A1CB3EB4b3dBE5E4A1644BDA372.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AFAF512075564cba9A4DAD3334B67C3E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B6DAE41052D461c91FB82D178DAFB33.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 14260E4B18EF4551965069F749174446.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0912388BA2104d64B70499403A3569D5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF441A0C35954c438BC95F5D66015BC4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E8294B46C78F47fd98CF7E1CA79E4814.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7F92D943A524870A07C44B5E5F3C1B0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C1E8A9D38693427cB7BCFD4C32AD22A1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DDB2F83AE6E943f7B0C3DC5D243FFD41.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 57BEB4AF57D545bbB27A7621FD869EFB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 35A334E440114af699BD85FBE64ED633.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3852C93693624ed8BA651FF03B55E251.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E4553845D3094f1dB32A0B56A65B3C2F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4502994937614cb3BBD88C784F388B3A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D9DA4CF4B3464b56A696E980B2AE6C2C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A0238E062B5F448cA3E105698EB60331.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\74B1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9639A7EA66F47d197558246533F0ACA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4D985CCD7B0E4a17BE6C3D1905555486.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D93E8D9E16EB4862B51DDFEB166ECD71.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7EBB32D2AFD64733A00230B3C6A275FD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F8F10C38F445482fA6DF5A200DB35285.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0978716A905B4d2fADD271625F755701.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD4B0A04123342e484CE77637E081E1B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F8BAF659F0A040d09D7D2D523797E8DD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E01CD2EFBE154344ADBD278643AE8FFF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 269D14C9AA584df5973ECF2419FEED5A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D43A52EECAE4458fAE69E2C429D6B541.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BCD6C24088AC42668F44E40FF60B7706.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C4EEE922B834243A83FBEFF92B0FDDA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7414C5B0BB274ff182ADA2537126792F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA9DA8F08B2E4907B882F12B4337B5D7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB11312C4C3747b7BAC0C130959DB514.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D0CF5AD295104e86BAD1FB5D49B95979.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 926A643077AC4979B3F25F09171B642A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1984A7B134914c35A322897BD1C89AA2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F85633FD57B4a7e92C462E94FC6C73E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 339FAC22DACB45ab86705F26EA799091.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E0CA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50B9D9E91B5244ad9AAFE89AB407BD06.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EEADBF92035243799D9D8639B6AE2386.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 299835BB1A744826A691B0174961153D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2CE5DF22919D45398B140A2AC2EADBB0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D085BEE99EF402d8AE2E2DE0AE63A70.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E1BAE20C3A954742AE3CA82DD9AFFD66.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1F4444B1763349a3B302CCBDAFAF0937.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D271822544814b0492FA71D38C800CE7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D2EA6A6D6CC24271BC0ABF97BF55485C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F87867C46E4F4145BB67F3E4997FB205.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BCCC9AF1ACB74c9aAB51FF9026262D0C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4D0694BF11F443af810483FB8F141A9B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3731FACE1F374f6b930D128508F782C9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50F2ECDE60E64d8bB0521573CF10677D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 91AD7D20D7C648e69510CAC3728A98F8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B3290318FA534ddfB2F260D4DBF88CE3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA0F5D5822DC418cB1CE1700D5080E6E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9DEDA1D226864d7f9FFD2EF33C6F3C0A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\4D03.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 90264117CCCE4caa84E4DC4BD9A90880.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1931CFB637734a33835608789F810448.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C50B8AF9F0F64644924685C5AF91E0A3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 523D0621FB6540d1A5CA994C9914A116.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D816CF0020CC4aa784E3A74D6178AB03.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8CC0BA27E42F4a2aB53C320B95C2D6CD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1BDAE426BA8460897BE97102190F00D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 83105D92F0E1455dB9A0647D46452730.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3377A19B3D874a559EB476EE2FF5D0A6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50C2647A4E3E446eAE4B9D82FC4A2947.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73FA0C7557564191BD87EF7F8E6215DD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9F200F5160CF433cBC50A0E9575D2D81.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FCB34D3424B347d5BBF692DC96E79AB5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F38D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\B90C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C60C92B53D3F4c57AA84269A657F18EB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 234588492FAE43b9848A611C7B5FB384.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BBFCD9FD0C2845d9AB3BAC3540424792.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DBEEE2E7F7C948c5AC8374FAF56F0BB5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9BFB1651B4B14248B82FAFD6A3F74354.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EE26ED08BB454a65BDE3DF4F959111EA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A6794383B1154d4fAA279D486C5F8114.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CA76A907B63241ba96C438188A4CFEC2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4FFBE525A4274e23AF3FF3A01B9F3985.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7579379A20A44315A2D8C44F09C59259.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7F4D8C43D751431fAA92724F6CBB7B1D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5610CCC362584293983D51DFFB86E0D7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F2A0B09E04DA4a6e970510190CB3300B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A9980112D4244c2AE22D70645436C80.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF07AF3C36CD425f9F2D55B56E189525.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B8CCF0656988446b935B0130B22275F2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5A093066A3A147f290C66D0873234E96.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C4F94516C7C04545AD87E2B155C4B493.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\2525.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5104764DE19343c0A988B6FBA99D0281.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC1C82982FCD44fa839FBDED0977BF3B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2495DA0DB62D436aB15FAD5038057BAC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 75AEB999D7BB427fA1512A10C32F3D8C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ECE237FE8B1748819507B97CF64FAEA4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0E67B97543F342b28742BA80B0C6E847.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 413FD10B40304231B2460913E94207AA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A28D948DCFF141388F5C45CC4077E7F9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 88DE4AF866F74a1a8F0C226CC160D691.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0168F4FC4A6647bfBB7B9EB82EE1A1F2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 52191421F91645eb8811D5264526FC31.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6A1FE8392BD9414a8C556DE6D310B658.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 792E6EA51FD2479e9D2BF732C67AF641.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B81CD0AA5CB48c484711BDD6AD17467.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4470B2674BA449529D1BDAEC43245C00.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3B29A16BD06E406eB25F8D90DF863355.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 254E7AC096354a6298B33A0A96361FDA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9CF4B56B6C846df9B7DE4B70BBB9F9E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4DE0E2C827954445B788DA8EB1D0D42C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1905028680A74b55AC1BDE21DF072224.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A59EBC8197F147c3811B5518EB0D69E2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\913F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B34764A6994E43b782EF60060B8525C7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7951FA7A2A404fb7B5FCD539A5209E38.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2873C4C73EFC4cdb8A94F904FD28C160.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 87B50392077B46018D49E7E65D136D90.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 801B61D17A824ebb876C66F83785265E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 56C9EB03912747c29EDDAF4499394014.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 12C95DBABF8A4711A66ECB3421952F2E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E35845CCF1D54776BCDE005B5EE6D6F2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32E598AE517B41c585127E6D1AFF2944.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 081A05CA47194427AE959421B388F6D4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C5F98F6C959F46f0A937C2ECBD10A26F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EF3FED0D78B4e5a9791904A51C0A1B0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AEBF0102C9BD4dd99AC79BCCF93DD9A1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8AE67B861E2241cbB2DD87E78736B8F6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A31167379D68497cA820696E565B6D01.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4629F893DF9B403cA8A00C4EE943D0C7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B6C859328848427dAE602D77C97059F4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0E257A4EC0194df88F60B57FDC1D9A23.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FD78.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1EB89D5E398400293CE1CCDD66E42F9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DFFFA4D5F839436895C8E37069557559.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4623D6311F464906925EFF6BDF772CD7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6371DEE0F2E2476fA08F3A053A159942.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9C48E056D79409d8C2259C38A9C3B85.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6D3521EC84274eaa9768EDFB90A93553.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 848D342291824e3d977372296C5A72D5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 230ED71F05184622A224AA230074473A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D61D14C78D7F420cA1BA171F07A66A9F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58642F3346B14084A1D90055CA10E398.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5A140786ACF4a5c8D05A038779E4720.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B016143CFD114bf197AF9C201742824D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\680B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\40DB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 311BB3BC3C494f0c8EE1BA61F9E27287.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C1CF474221604ac6A4A1FF6861A0E7DB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\19CB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B9E96209442941ceA567285EE74F37E0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F28B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CB7A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD805BA13AB4452f9C736AB4E43EF260.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD09613895544ad9A356A545F1FD990C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\69BB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 93ADF692BD1548a2B7CD50C10CFEAD94.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a15bab746a0f3ac1c0c7d61da13a2106\BIT4C09.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\429B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1B8A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F46A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CD59.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CB6E340236524b9694AB68AFCAD7C054.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E48FB7F997744e19B1921B547E1704FA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EB7950EDC7B04357B895C57425C22503.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A61A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7EDA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6975.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\57C8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FA209ECA28434ec8878D7E01A8385E50.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5558C734426149be9424BFF20C682793.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EC55AACF62B74b9d9F25AA95B9E273C5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 60DB6468B7704e18B733D9E32CCBAB50.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32A26D1716FB48f9B967BC72D6789C94.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1D400E40FD8B40909A7A98827A1D4144.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6DEEB4257A024216BEEB979FC2079546.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A6C1A458B7E94b8eB0A7146EC383F183.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5A1B9D8516144cf5A152E717628B1A8C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2213F81102734ccf81B6A7CD2454F5EC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44D21FD60DD949cbA1D2192303FEDBE1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 823DB37BE0B04f798CE184910F94B7FD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UYHZFM8ICZ3YRUA4LEY7.temp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B214D795B59F48cf8CC0718852C603B3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FC50227265194da288C86E83943D7024.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FFBBFDB0E8654eed9ACDA804BA4E01BF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A135FE317A9B4be8B4195A1C5C6FBDED.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A53F23175C284fcbAF7403F2FFC90EEB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F23F72EFF244c9cB237DA664F9C8D06.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1126262FB76C4fd9A3B47168C90020E7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 41D92182017740b4AD307323D2A44E76.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB6E783BD6D24dfa81A8EBC0D45552F7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\D589.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6EECBCECF9CE47058F166903744371FC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9EBFCD43B6834af2A0D50D93D08602D8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BBEB1991E202471c8FCDAECEF90D4B23.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 581CD5F90EF64ebf9527064D7605D44D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 99654381AD5F4f6e8442E2CABD1DD51C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6A154950FFD04ad28FF03ED88D8BBAEC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 95177E037A9C48a197466ADD0480005E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 017C93B231D3413e8AA7981D4C5B1A90.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5EEAFDFA84E54ad69E16C614A8755200.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 39BB07B73CB445b5B462B4B8EED61E88.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FFB603CDA7B141708126350673FCC657.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 34631D5EC6D340f7BBC6DA0A3235A74D.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 658E98323D114efd82B3A39AF2789A44.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC0D8066BF384d08B4DB0B16D9090AB9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 670E78923EC6492c9248919CC1B4CA68.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FB24D60EC97040709463B7F58D97FE94.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ACEE13EAD4C14d099B155B70CFF6D308.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 356FE060635440c285376937FEBE61AD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D36534E09F654039A727A6A35AF00215.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\41A2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0F227F4DF6C47a2B26E2554ECDA66C3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CF5B85D9A929431fA7F5E3C1389BDFE0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 81E5CAC42A8948daBD0C0657BA65BCF1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 668EE827E1D04a4d90DA369738E1D5D7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BDCBEF50ECD14e759E7371337E05ECB3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE97B1AB45324019A26055763FA6D498.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 17FBD3CC1B7E4b1bA20A635E6EA105C6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 241E8A3F1B874fdbA2F70BF49E7AAE7B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5ADAF0C0A9A6407585BAC2AC8310B6B0.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8457C787695D48a2A2FB626A335F78FB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2933D6B1465F4bb99DEEE2CE789CE02A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D9FD4FFA4E754dd0BD52BAB33FADB31C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C5CED2894BE4ddeAA43B3B8BF920987.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3AF9F82415D54435BBDF3429F6A6B6AC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E0486CFF04F4099B38401601958197F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8747DA87910943368C2E2B7AB94F4378.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 629D011329B047e584A857972E91983E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B4F362EC96454a1c9E0DBEB5A6AD19FD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E927453E7DB84f24B0009FDE15A3C07F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A1E1CCE857054d04AE0F8E276339D102.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\ADBC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 40C1754A4D284e35B56696F6684EF7B4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7140D8F6274440b88B7043CFFDF4515A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 61A9C249F6E04dd990DE2648EA89E03B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1BB98D4676BC41768EDEB5A20084D157.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C8A71DB607C24d9bB6C8793D6E18CD2F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0598D384A3E24353B59E8F65E9B25C19.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 23EBDC01C0DC41c298F81298BAFBFF9B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F6C6D25B70004b74B3559AAAD9AE77B9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A7EBE912018542f48CD47E784195B686.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DDAB607BDE0E48cdA153155D38043CBB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C0DACF82E4B4f8cB2866B6AC0948C03.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8694F4C56DDF4d83AAE068D8F818A9A2.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EAF81735A1B647d0B9578647A471FAC4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 30D3477EEFA24a29BA120A6D061138FC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1AF529AD1E4441189D536CFA87F32EF1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FADCFC555BBB4f6c814E2399708342E6.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D6DF41014F914b76AD3D9A4F035178D1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 456F2AF8A3924894AEC33B26E2678844.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CBF9EF485C0E40169E65A55A8682CD83.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CC6B814D8D974b4bA65F916A697F40F7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AA16969AD3AF46c2B47891E57D2AAE48.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\19E5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F6B1FC19AE654c36B5BE7449FB9E60EA.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B98C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5D3537C553C74eca9A995020DBA94300.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AB6E0E3762F94fcaA2CE24F058888EF3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\927C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\57DB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\30CB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3486BA3B39164bd5B1A045883AFBAE73.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9BA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1F8356652F1442369275464C7A8AB896.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 32CED6CA18E14c3cB986EC91E28728C7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E2A9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BB99.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9478.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6D68.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C20E407FCA304adf8E00A6F36877732B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4CE1732024A44b758C7487C27485F9D8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48851328A6344645BE29A38EF3AF294A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4657.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1F46.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F836.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D125.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AA14.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 38A25AE6910E44ceBF1A66D591776F5C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F99E1D37B00942a7ACFDE0C43D418258.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 60D40FA6D5CE41598BDCC3B4F2CD9B86.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8304.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5BE3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\34D3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DC2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E83858DE2D534ad8A677F2E687FE43A3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F43B53253884d1aBCCA283C8601A72F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E6B1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CE3A64B956DD4bb99427E2061DD60933.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BFA1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9890.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\717F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4A6F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8AD5BE5E6B2B41f899E6EE059F25D8CF.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B1193016C6F24eceB1F4A3A5746F6C12.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6A483FAC3DFA497aACCE4E0B3CCE8373.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\234F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E8BE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C1AD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9A9C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7AA1553DB10A44f194E77A3F00CB2AC5.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\85E3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BE009C5636D641faBE7FD4E2610E2D99.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F5BF235665340a3A5ADCFAF8C11DADD.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\737B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4C6B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\255A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FE49.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D729.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3882E1DF3234496eB92E2D61FECC5388.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6A715451EABF49eeB2EB38582F48F905.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 45734515AD194df6BFABBF9ED029E43B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B018.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8908.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c232671594387b24f0d0aafb45313ef\BIT6D63.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\61F7.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 54F485F4881C44b7A36FE2C0CD180445.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 849FAC292DAD4c01A527AB618D962374.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CD7AF2EB6C414578A1BECDBCB5F3133C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 558E3CCDB70A499e85B204B85C735B16.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E67E87B8061F450f970CD316A6BF041C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E9EF136B010F40938BC0FE73D78D7DE8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c232671594387b24f0d0aafb45313ef\BITFF83.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e5f5e48898ad0d74c624b3ffd232656e\BITCC62.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EED9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C7C9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0DC9BB17E25146e393DB88EB2088EF7F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CA44E6844C684d8d8D9F88B54284BE2B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CADD362CFFCD47d0B67D119E8A0C5506.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8D28.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6618.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2B77.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A029F5D9ED904c6eAC437A6939DF643B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0A68938CE4E348faB9333DFF82FCA5A9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A940B16952874be5894F39CA7DA8C88B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F0E7.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C9D6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A2B6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1d4427fe.msp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF6BDE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Search.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF6BCC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF6B8C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF6A71.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF68D9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6825.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF68A9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF67CC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF674D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF644F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF644D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF642C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF636F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF62E0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5D14.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5D03.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\EScript.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5BE8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5B69.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5B48.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5AF8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2CF3CA36C4F045d6AC2793BCD964FC2A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5654.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5088.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5048.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF5026.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4FE6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4C6B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7255ADD2F8D14b39902DAA41ADA9F41E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF49AB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF496A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prcr.x3d",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4850.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF480F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\3difr.x3d",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF47EE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF478E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF476D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Spelling.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF473C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SaveAsRTF.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF46FC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF46CB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF466C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4580.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4530.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF44A1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4470.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF445F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF440F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF42E4.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 629DCEB4FC464f518D69753AFED17FFB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF42C3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4283.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF4168.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4114.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF40E9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF404B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF34B5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF3446.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF2CF4.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF1DB6.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF1D76.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF1D26.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF1CE5.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF1C57.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF1AA0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF188C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF17EE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF17AD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF153B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl64.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF14FB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF14CA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PF13BF.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PFE50.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PFE20.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PFE0E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\684.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT268.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT239.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT1CA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT1BA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT18A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT12B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT11B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTCB.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT7C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT4C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PT2C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFFBE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFE75.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFE64.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFE35.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFE34.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFE33.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFE22.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFCF9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFCD8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFCC8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFC69.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFC39.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFBFA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFBF9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFBE8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFAAF.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA9F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA9E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA8D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA8C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA8B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA7B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA7A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA69.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA68.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA57.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA47.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA36.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA35.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA25.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA14.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA13.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA02.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTFA01.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF9F1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF9A2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF914.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF904.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8F3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8F2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8E2.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8E1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8D0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8CF.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8BE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8BD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF8BC.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF89C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF85D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeLinguistic.dll",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF84C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF84B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF83B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF82A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\PTF819.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\F1DA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DF63.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B852.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4652409CB9C468bA7F4DA00B9D570D9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4E4D299A26464ffb8F501BD186D4C39B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9132.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B030EB10EFF24ad38EE167D106B2D8DC.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6A21.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1d442716.msp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1d442714.msp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4310.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BITF926.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1C00.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F4EF.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F22420D3EC214f3aAF4DA5CA87CA6019.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 66EAD40A01A14cf79D4211E41FA8B59E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F0CFDF38D83B4a08956EC732F98BBA85.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CDCF.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\965A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\933D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6C1C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\450B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DE833669C2FC4a7d886DA5A1E01C9362.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 746B5D16A2F641afB718C78770666A4E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 685EC92E67C142fd800486CBCAF8E38A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1DF9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F6E9.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CFD8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A8B8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8C1870B101CE4983B2A917363D2098DB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\81A7.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1271DF31DCB44e539E4894ADEF15AF0C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6C67ABE81B6D47c6962664318491B53C.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5A96.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3386.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_3676_25821\BIT303A.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C94.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E555.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71002C74F4934315B522C9C1A44480D3.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 884D08B00C9F4d68B2831586AC93559B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BE44.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31E5D0A4A0334373AF89D649D31DB004.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT3EAD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9734.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7013.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\56D8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4902.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1d442713.msi",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1d442709.msi",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\21F1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1B3C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 027B8662A79343748CF904736713C283.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DC3.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\911.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3396B881F65A468f9B08D930E2A848C9.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FADD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B71BAD17958C4bd29123923A96034B86.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D3BD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AC30.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\718F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5DDF.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7A89021DE47E444aA697A4B777576239.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4A7E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 58A536A1E98949f7832C09C12341ACC7.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1A32B7949AE94947A5E26BBEB713CF4E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\235D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E8CD.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AE2C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4af4ea6289f46c73b169c4abd042daca\BITE642.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\014254961a4f5da52da40c45564f3e34\BITDFB8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B22DD7731A43428d93C30E54A9A80865.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 50520E51A5EE480e88EF6594E206825B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a654b059279e3b78fb07a2635394b301\BIT21EE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13ACDC4529E048f8AA3A649180224C8E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3455deb870c595425eaf0bdcbcaeb877\BITE931.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\871C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\BITDA42.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4C7B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\272F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\11EA.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\655.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1645B5EA3DDF4bf3B114F28D065C16D8.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EAC8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 70F3251FF60A47e19FEC0B7B4555758E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 016CEB762E4845978250038AF539949F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B038.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7597.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\51F0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7c03b7d582ff5efb46cc0d8b93a46c49\BITCBC0.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\46D8.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5c655a10b1fea23613d7edac2bf5d086\BITC308.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4AE479F02BC847a2BEF6C42467803230.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0D52E5AF9B3B425fB769D4D9334FC4C1.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C34F4CD159C5424393DFFE3C4C775E8F.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\52e3a43e5a0db056a34aeef6444a7db2\BITB17B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\53cc941d3892ee318f38d9756ca4a47b\BIT92B4.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C57.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\87F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B232.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 46F3200A435347c6B4845286ABD4EBE4.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8B22.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2324C925467D4b0091FB0A302F1C474B.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AC10ED9159024a88A5F73FAB2E4F580E.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6411.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8c28cecd39824f4011009e33d8b5c66\BIT8193.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2971.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\260.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DB50.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1F5157646E0847a4B374AFFE01B8A509.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7384BD1E2A08440aAD58D2188644448A.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ABAE3EE8549F47fc94FE059CC2709235.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\B47D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B42E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8D1E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\67D1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\528C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0b37a91d-a37a-4671-b782-870cb31f7e93\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2B6C.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F5402E3F14F04e649E960F72B641F0CB.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 033EF2B6FA1D4c07B2CD780DDF070469.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5E1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\479.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\459.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\17B.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7A4DDFA92D046659E5065B5BC293450.ppd",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E4PDT0WV58G51JFHEVGW.temp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CF0F.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CF0D.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CF0E.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CBC1.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C9AE.tmp",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D83001FCC49943a3A7E51BFF92FC700A.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8CED30FA32EF4342AA6D89520B1408FB.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 25B0C757307D46c691D0B7DBA5642FBD.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\01755686ad4d934096b59cb062d2e5cd\BITD4A0.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a0b6eae9bc8aec56ebfb116531721073\BIT8834.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c054aeb71ced380cec020d988be3a03\BIT7CFD.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a654b059279e3b78fb07a2635394b301\BIT6FA4.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3455deb870c595425eaf0bdcbcaeb877\BIT6F74.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\BIT6F63.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7c03b7d582ff5efb46cc0d8b93a46c49\BIT6F43.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5c655a10b1fea23613d7edac2bf5d086\BIT6F42.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\52e3a43e5a0db056a34aeef6444a7db2\BIT6F31.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3974347e7d076017e0eb76e9e868841e\BIT6F21.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48F97C7B5CDB444aA7057B999A02F502.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6FC3B24797EF480fAFE75D411121FB03.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C37404FB9AA4cc79E3F3244299402C3.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fb6b670451f8a73579a8876c063f7a4a\BITE641.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\53cc941d3892ee318f38d9756ca4a47b\BITB12C.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\109407f30182519de0885a832786b4df\BITB11C.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02C397F91BD84036B8BBC3C51BABEBBE.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 09AE5FA662774dac9EA0EBB64B551A01.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0EEF98656C4489f8974F3E43CD37438.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8c28cecd39824f4011009e33d8b5c66\BITA8B2.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b5947a8c3d92609a2f7dab1be3b226a1\BITA71B.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\014254961a4f5da52da40c45564f3e34\BITA70B.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EA7C41C12B5C48a684064B1E368D4659.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 69FE5A5507FB452d9A95C5FD587F9A31.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E73A36F695E64d9788A4FB0955B420B0.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\01755686ad4d934096b59cb062d2e5cd\BITA390.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a0b6eae9bc8aec56ebfb116531721073\BIT8009.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c054aeb71ced380cec020d988be3a03\BIT7FF8.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3974347e7d076017e0eb76e9e868841e\BIT7FE7.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fb6b670451f8a73579a8876c063f7a4a\BIT7FD7.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 42E069F9C7FF43adAA066648058D3218.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0C7607F05EFC47b8835F590E236FF200.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E066AB22A4D446cA823497F38C04ECE.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D78E045A0300491aA8C6E55170595224.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1D5A28291CC42cbBA4C6D2B4D418E1D.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 124F7B2847E44dbbA23239111A5AC298.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E93D7197BA534afb987C200170BE7F2A.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C553C8D52A4348ebB077476D1FAD4A3D.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EF3293BFA524c2fB5D97E08E1D1311F.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 821EB4F7508B40b9BF5196119B8C34A1.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD011FBD97CC43779DF2B2FA86CAFC13.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9FF96193E709457581A3941F9B9C4374.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITA16B.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT694A.tmp",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EBDFF39C97A945c6BD6FDEDBA0771AB0.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5F2C01CAEA5D453bBD8CB71CB130AA45.ppd",2
"2017-01-18T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FAC6C79908C241b3954FA56845B0A8FE.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C8968AF9DB3D4637BDA9F0A7BD76CE04.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1C39A400A259495bBA8D37F585DB857F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CFA3408EA2FD40fcB7FADB435FEA5820.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 00792A5A2C7F46de8CBAE7C5E92352F5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FAB612E071A4416dA8D920EC0E5BC63B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2A048B6BC8434657B3A21092BE82B222.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0EA7033BB6E641cbA3567FE5089EE434.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C26636B073434858AA41D1CF5C9973CD.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 48AC2C74C1904fbdABB646532BD958E5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 78F897EF667D43d5A9A6C8C94BFD3FEB.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3065A432F8CC4e86B3AF15E2AAB03F79.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F79387784B34e6aA6880AF1AD5672D9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF349BE2DF06440dBCDA8B65CEE1C2C5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 74D27262ACA641e29C16C00222DE030B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C4698D63222E4fee97DC11C0C14D86E9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8F651B012707427898F76328F2D5FB8E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 73F15D7989E34b1d9AC71DD6175F980D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 34B5D0B526F548ba94C109E92458FB7D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DCE6FA45B5B14783A2441C53C1ADE697.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7EBC65D196C8438eBF8A7D3C2E7469A3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C12536F7C4774b93A8019D2730F7BB5E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FF753BA94F734490B7DF6C16DB68D6BE.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D8E7EA8DC434da9836F47D84AAF34C3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B8DB0BD6A4C545289F7823350A415CA9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 131FCB2D646348f5B2EA8D5E3ED23C98.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9358FACC5F5C436cAED59D4CB416DE74.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C0265603E070401b887639FAC2049F09.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 98904DC9ACFA4129ACDB4C4A72D896A6.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9AE540EBA9804e0eBBBFE942DC70B545.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4FAFBABA057D4600B53A2039DB9DBBF3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A73E5FB49AA64e47837CDA90E2E49BDC.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FBE35B51329F4b159F3338076903E0F1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3F21D1A7ED32415dB9F1C1B7C9BA9055.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3762ADC9BB8B4ecdAD5AE9E1B3ECAF78.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 316B44ED04B24f9dAA388D5B3576A620.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0632C2B64A91499cA69FEE936E59F754.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A159D92A3B5141038DE89A2CE134FE5F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02A7BB82E1534b96B84A0CD401C96C72.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DC47289F16DE4329B597B7D4C3DB8252.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131287035692111311.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1E62AFA2F00C4d5d8417AF112D86F67F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B397C98FD3641edA9475BEC2195C1E7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9B261EF60B544f8090FB60A9723B100D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9F036F4965B449f960CF7AE20310528.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6353F1D987A04feb9AC4560258CBB940.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1419BB16CFEA459784066EB26E044A12.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D1C1C9DD016741c1BC3F56265D42A9D7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 454AC31F615C496aBF47F0B0A7223924.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BCFB5425E218463bA0A91D447D7BFB38.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F83D000906345d49270C914BF5B54E5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 34791B1604A441ba892486E61A90F565.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3C911AB21904be094934D9EAC14C534.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E73BC2B63A8F49feAE93FD52745F5C76.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BECD6ECED79C4acc9F76014D8E62A4C9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BC2B3F7E91B44c7aBA446EC452BC5F1E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BE30746E694A4fafA944741179394086.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B2852DB1130D4ce6B31D29EF485FAA31.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F679755AF9E74daf96E8EFBB447F3C4D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484226103.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D3A4B1C8685F4fee963214D2A9174C5F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EF1100C9653D486f82EF094ED7D410DB.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 59F938A9600E4307BB939297B3A46A55.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484222446.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484222445.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E277E060521C40d493F352707307225D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 984594F5E8D94d3a940DBDBC0F66102A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484218794.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484218794.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484218792.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3663E23DEB14034A693CE30468A0442.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D84631C040574eedBD133B27C6EA8B56.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 992EE5162D7A44ef911A07ADA33EA0CB.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A68349C909D5424fBD1D5E7D31BB922F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2655354B93BF4c8fA2F19DDB5314A025.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 23C23D19CA90405c9AEF4A61BA1CEF23.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8765AB6B8C034b2e8ED9661002B00D33.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 083A9A2421F64e36ACAE95E89DF62097.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 71011EE1011343f29F7C897D9CE3F3CC.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484207770.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484207769.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1484207766.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D543B5D759604f21B3485F0864AA08B3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5131629C25B74fe99D18F1BFCEB6A0FE.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F1A888A0C9654db287F4EC6AC48A3F4C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C91092B930C8489dA5919FE8A88E6896.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 987A9188CF594382B743DAFFB2FC2C91.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EA578EE044414ac3A9473E63E022C166.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6154AA29634E414491DF34B3575ACBD3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 72E01499F1874cca82CC1121C086DDFD.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 977090F1E3434d4b840E7F54C484CBC9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 06C8BB355C5046dbAF900EF87287007C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7FF2766E55474f189213DE6C241F5467.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C34FAB35E83D45bd963B9D57D3DB045B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ACE2E9C1FF4B4abd92D69857F7752696.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0E937F1FEBC54de99C2BCA4E5897D48B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 735CF863E9D5415cA812ECAA28412601.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EFD4F3D2501049aeBAE62BA8116FA056.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 861AC20262B246708681E4D52E6949ED.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CDF2B367B22A4ba8A9B35EDA82C82932.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DCB4FC59F04047fd8738A5D76029D2A8.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2AB4DD69F62D469f9910093A30CEEB8F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F67CFB4FA4B8492e8CA2F9FB5E7843A1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3E39565EBEA14363AEEBBB5582EBE025.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AC35AC3BCF504c939C481AFB5B840A7E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B088C59A2C144989AF2FC43DDB059BC.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C8FA09D8C7D846ed95C1B4EA29AC43BB.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0820A14195D84f3fA6B1744DF8DF5168.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D7A96370D82149b9937EAA035B9FF24C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AD294D7FFBA24a1cB4976C6EB62FD4AA.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 540CAA82BB694d83999238373428D98A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 41118A050C604b4cAA2252ABFE637B24.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F5FA56A9F16A44f292B9565FED2CA7DF.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B5996C7795C844cb8A151E5428AADE52.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C7649B2CD788458d9AA26FB3B138997A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E4BFA7F1B6E54955A37D26D56007B536.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C25F592A5D7841a5984B54453AEBCB81.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E773574A040D434fA4FD5EC9466D99DE.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAE5F3511BFB4a608658326CE04D049B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DF6E2162A31C435792BF1F44AA98693E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7DCD118C92D84dd184418477C96A2925.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A0335D909BBA439f8E7A6D2035480532.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2B8D8F220616483e9E259AC51B198D7A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4639DF03B44A405d882ACAAE6293A446.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\A8C9.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\A899.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\77ff848b-458e-4bc8-85dd-820794defa79\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\4cc4a8f1-c962-4e7b-85c9-9f1b614de269\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1344_0819_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z0Z7APRGK8MXPO8PDRVG.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2EEB4B71AA1B4115BD9F1E534ECEF534.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\chrome_BITS_6972_3623\BITD0A8.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 838755DF19AE4606B5D76F91CBA414A1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C9F026BCD3A24f80BB8E820888DC887C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PQQ18X43BRWUSEXYC0X9.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\EE8D.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ES8TYYF70FV1KKMQBVIQ.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170112064329.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\24UMW0599GPPW4USE9WC.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 02A56E213CAD4f50B5AA5AB05E0B5379.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\61.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 90C6E8D784894537AC2BED65FDD50B30.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 496CD907DE9F4b8eBC5A3BE7A6EDFB00.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TNBW4XRCTFN07CJWUAKE.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A05B5BB7E1F34024803B5F3A72AE903B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C72334E90CCD411f90D4D7407A6E7410.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 386D0D0067AE426eB9203FC79BB502E2.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RFUP6PU8AFTW25CGGWBS.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\70DIX60QHOWSRHKSV6AF.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F4B32AFCE151483c965E06DA5CD6C783.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6F18EBE9DE5347089B5DBE8116643D20.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7A1EA3C16AD4654BEA3EFE6AA4D1245.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\66B2.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HDKOHKM61ZLF7Y831TC0.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2C08.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\29E4.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DBD01250A24645389A6A8B805E374A81.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ED9CE6BB894F46728CDDFE098F8CCD0D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 29A58AAF2A5341c8B5F1B9FC6A1FE3E9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PHRE16VIS22ST1Z2IIBO.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XFY0340K19PRA4K6KTCR.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 5B8AEC1BFAF64d98AB0E0CD9022A6CD1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B964F35B3C584891B9186C79637147B6.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B4E3F7D2C75042f585B992D7E26BCB8F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8ZL1T2DCYFL5BVZS2KBJ.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 555923B5DE20423eAB3F0456D05C4D95.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C201DFE4378F4bf78A5602339C57A6B2.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A254CA786C0745ef824693C245BE8A95.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5X2MN1I7962W0QL4X2WY.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286767579820114.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5934.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\57BC.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\A57.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZVIY2TQ0HEDNA652VIKW.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E44551332B8408c912FF5C8DB8BAF93.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8FDAD4864D5447e7AC8EE6A519AA80A5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F6425A436ED94d69A2E7AE94D495AE7B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MUJ0T9DVDHNJJ9OK3LBW.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\4cc4a8f1-c962-4e7b-85c9-9f1b614de269\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\B464.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\77ff848b-458e-4bc8-85dd-820794defa79\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\9707.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UAD0G07RHT2H1LUZ20AI.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6DF2.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6DF1.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6DB1.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6DA0.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\6C67.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\77ff848b-458e-4bc8-85dd-820794defa79\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\77ff848b-458e-4bc8-85dd-820794defa79\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Program Files\Google\Chrome\Application\chrome.exe","C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\tsprint-PipelineConfig.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\tsprint-datafile.dat",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\tsprint.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FEF0A376480448d3AA2F9F8572DE2919.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1344_0819_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 18F50D2479BD486fB7B91A89BC2ED55F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver ADE7CA5ED6CC4264889A7CB4938F542C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484203069.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484203068.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484203067.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1484203066.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484203060.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484203060.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286766552233995.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EED5F642FB524fa6A4DE3090AC42F0ED.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B2F70FF2CB2A4b489AA36B56CC49284C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286766512733086.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9CFABC8ABAE743ad9E4568C3EE9ADF3F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A4250175EC154acd81C260FD8DCE069C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver EBDF888B8E414cedA8D041BE68995DD3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E62BB4F9993E439fA2122F609DDA3A51.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0613626F63DE4e918900ECB661C92390.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4E77550F3CE64dfd8DB63E5B351BF9A7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 44D44924B7D14e24B959CBC8A7181D52.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20170112063240.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE32FFE786754b85B2321EA05421A1D4.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9C77D05AB7C74de4838AD46F469A50E5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6B6DC67101294c39A03675C796700A6A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20161214224644.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CA4FABC8390D41aa85C9AE308C967114.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E5D4B619539548d5B61BA5091189655E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E7149EC4384A4044BC88C2A1745A79AD.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0F6DC471E48D4cec9C8AA464BD83B2DC.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0759A3165226434f894BFB4116D665E6.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E5FA09CF2FD64dfbA63D9896C66379D6.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E3ACC778A4EA44ba9310B58F6EC0BEA9.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8E0C63F21A541639AF93D99091FFD68.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 484888DD72A14bdc8F6C579A0612A501.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C99.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C98.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C97.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C96.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C95.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C94.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C84.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C83.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C82.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C81.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8C80.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7128787012DC469cA0E5DC22F1331AB4.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3101549700414322BB30A2F97C92D62C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C7F8D703024B462e82A4A8AEC8DA0F47.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\BIT8451.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver B7FECCA6E3804252874F002312D688C5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9647F5E1CEF04c4aB3038E9632C806E0.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2CA633D295114be2B8F2066F51A780C3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3020682E86AB4d92AEDF9F1D31470525.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 781EABC7FD8B4b708EF5FDA7F39D239A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\d3868902.jpg",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 147A5412F76E4a5dB87329CBED9A159A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2580_1566_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 11A73987A1B9423e9798FCB3548DF221.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D5817E098316440bA2B5AB35AB8AD22C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DEC710789E3544ddB5513483442FE45A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 77BC335644E34c26BCFFB62AB43C780E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DD717DF00B42466cB42B3D19A130D68D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A772AE8D27D1489e9266FDB3462CB0D1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver A56AA4841B49466a9E54A364598A5AA8.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 0CFD246D91C545eb925B7E12D7DAC5E2.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6AC388CFCB4E4af5A27AA52409BCCEEF.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\VoiceAgentsCommonRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\VoiceAgentsCommon.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\VoiceAgentBaseRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\VoiceAgentBase.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\VadSharedVoiceAgents.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\SharedVoiceAgentsRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\SharedVoiceAgents.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\ReactiveAgentsCommonRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\ReactiveAgentsCommon.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\ReactiveAgentBaseRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\ReactiveAgentBase.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\PPIVoiceAgentsRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\PPIVoiceAgents.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\PhonePCVoiceAgentsRes.0409.bin",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Grammars\PhonePCVoiceAgents.0409.cfg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-18\ReadOnly\LockScreen_Z\~ockScreen___1344_0819_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1344_0819_notdimmed.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1008A88F4A5041de9DACE852F7095CB7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver D8FCD9561F7341cdABCE71FEC158966A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3515E7FFC4B4456a8F66C87FDB637AEB.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C2EE280075F4956BF70BC5DBA65083B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B09A85501A364e7586EBF5698E550F3C.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484202480.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8046658301C14cd090AA3533EAF8B9DD.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286760789830091.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484202475.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484202474.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286717377981042.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1982C01A4DF94387ABED149D1BF5ED77.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E27D0DB1DDCE4c8eAEF8FB8E48DF61F2.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 8411C62F04D64f84B88C105BE8C2E1E7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 290D04896CF4440a8D6126C7D0A029C3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6C8407829FE041dfB1A8D527D38191EA.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver CABAF111EA8643deAB842DDA43523DD5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6BA353DC3A874d72829C0CCD9CBA629B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 70CC62D079F844caA175CAAD2E07B44A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7D70E5D3C11145d9B637092B8D3FE283.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 4D3FDF1CF71B471f98EEC86DBB6CAC46.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F9CC9B5548C7440eA6DBFD37769B22AA.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6D375EA4DC5847e6A952B7C389034101.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AE238577F3B744daA72A66E8BE5DE112.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7FE30506548D4e968F2EA427B3BF4169.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9B6BD57986F2411eBBCEE231FBBBF557.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver AFD894664B6F483a8EC4A574AC66B35F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 1187F64F779640eaA59A7DABD7346C82.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 3B66274AC4954574AC86FC74B811D187.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 067AECD0B2474d4985BFFFF364508FF7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 9DE22F87D1B84356A4B65BD02565C14B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C06BD33B1F984710A06610EFBC93FC6B.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 13C865A391E84e4fBA851C1B8B00DEA1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E64AC838A94E418aAC9F48B7D1AA7684.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver C30FF2F753ED41f3ADCF3117D9143BF6.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 745F96F910C743619F50C8200F5206B1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver DAB7ABC22CA34487A3519FAF2D9A9FB3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6A7032B0569F4956BD12405BEA9AC73D.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2773DF640FCC4e4c8D89C057D351B628.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 65253AB62400493b8284EFA01FD7DBD7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7E19CB16373E495291152993C5F7E1E3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver E44A004E8A6447a0A6FF749F9CC7741E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 2D9ECB9D6DA04d2fAF7628932729EF99.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6888C3EDA75740be91304FA9FD653FD1.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 084DF227405744f0BD1C0D5DBE76C6D2.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver F90C2A39ADAD478f8BFB04B927F7AAD0.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver BB896810608F489bADE9A861D4A8A8F7.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 31AED5B4EF2247b88B894D7327C86ECA.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 7761DA8DCF0B45c79FB019DE0BDB8397.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 6E72E6A2FD6D4d298B96FA63F9572BB3.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver 704516494BB6445f848C2676295583D5.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\TP PS Driver FD12A2009D5E4b2fB11F7B254F2A3997.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SET543F.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SET542D.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET542C.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET542B.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET5331.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET5330.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SET531F.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET531E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f3128.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3127.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3126.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f3122.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\NDP40-KB3023221.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3023221-x64.exe","C:\89ccc87e845a8f52a8f1\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f3121.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3120.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f311f.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f311b.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\NDP40-KB3032662.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3032662-x64.exe","C:\9337c881db1732716324d3d5\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f311a.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3119.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3118.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3117.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3116.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3115.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3114.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3113.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3112.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3111.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3110.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f310f.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f310e.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f310d.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f310c.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f310b.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f310a.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3109.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3108.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f3104.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\NDP40-KB2972215.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972215-x64.exe","C:\47280b0de76238c96319d3cb8cc89f12\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f3103.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3102.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3101.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f3100.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ff.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30fb.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\NDP40-KB3074547.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3074547-x64.exe","C:\07172568b62c3386a101354652201195\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30fa.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f9.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f8.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f7.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f6.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f5.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_xml_dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f4.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_xml_dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f3.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_data_sqlxml_dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f2.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_data_sqlxml_dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f1.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_configuration_dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.configuration.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30f0.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_configuration_dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ef.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.linq.dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Linq.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ee.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.data.linq.dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ed.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ec.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30eb.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ea.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30e9.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30e8.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30e7.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30e6.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30e2.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\NDP40-KB2840628.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x64.exe","C:\ec34686460597428864ae776a2\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30e1.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30dd.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\NDP40-KB3037578.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3037578-x64.exe","C:\e8c5fdc7505df83cd5\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30dc.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30d8.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\NDP40-KB2894842.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2894842-v2-x64.exe","C:\dd9d1c6d775fad6191d1ac980e71\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30d7.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30d6.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_runtime_remoting_dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Remoting.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30d5.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_runtime_remoting_dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30d1.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\NDP40-KB2978125.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2978125-x64.exe","C:\cb6314a47d8f1fb16e60d852\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30d0.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30cf.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ce.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30ca.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\NDP40-KB2972106.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2972106-x64.exe","C:\0f083b9f698648a15cddae576d3d9b4e\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30c9.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30c8.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30c7.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30c6.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30c5.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30c1.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\NDP40-KB2858302.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2858302-v2-x64.exe","C:\87f3edaa3671a30600581fbeebbc35c0\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30c0.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30bc.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\NDP40-KB2836939.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2836939-x64.exe","C:\56ef2b8d3b34bbd1fda48fe3859355\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30bb.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30b7.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\NDP40-KB2836939.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-v3-x64.exe","C:\acbf021a403c3a153b68931628\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30b6.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30b5.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30b4.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30b3.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30b2.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30b1.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30ad.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\NDP40-KB3098778.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3098778-x64.exe","C:\9f44f7dfa1ae2fe3444b820edcb17e96\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\607f2621.jpg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\eb829b4.jpg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286717188770776.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484198114.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484198114.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\f9d83733.jpg",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B25660E337DD4b1eAB0EC5D17C4A7382.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 887067C117F74d9297BEF0CC727C9E00.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5215801A9CD14690A6B3EDA76B953B8F.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\bcd84bdc.png",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A8D0101FAE345ad8ED7A03ABD47EFA0.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A0127009656496896EABDDDFBCCD00A.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96D4A05CE0C24e1290EC77AC8E40F629.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484198021.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484198020.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484198018.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C0D0E09660A4341AF05B169C172C85E.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484198017.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286716169232622.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E72C18D01424b26B0C5D0B48AAAAA61.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286716114446619.txt.~tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A32CDB8E7214eb694B2FE662382BDF0.ppd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30ac.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30ab.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_deployment_dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Deployment.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30aa.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_deployment_dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30a9.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30a8.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30a7.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30a6.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfdll_dll_x86",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\1f30a5.rbf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\dfdll_dll_amd64",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\1f30a1.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\warn.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\stop.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\SysReqNotMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\SysReqMet.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Setup.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Save.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate8.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate7.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate6.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate5.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate4.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate3.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate2.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Rotate1.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Graphics\Print.ico",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\3082\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\3082\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\3082\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\3076\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\3076\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\3076\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\2070\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\2070\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\2070\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\2052\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\2052\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\2052\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1055\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1055\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1055\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1053\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1053\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1053\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1049\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1049\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1049\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1046\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1046\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1046\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1045\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1045\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1045\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1044\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1044\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1044\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1043\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1043\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1043\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1042\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1042\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1042\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1041\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1041\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1041\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1040\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1040\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1040\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1038\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1038\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1038\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1037\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1037\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1037\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1036\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1036\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1036\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1035\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1035\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1035\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1033\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1033\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1033\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1032\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1032\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1032\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1031\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1031\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1031\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1030\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1030\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1030\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1029\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1029\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1029\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1028\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1028\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1028\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1025\eula.rtf",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1025\LocalizedData.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\1025\SetupResources.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\SetupUtility.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\NDP40-KB3097994.msp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\ParameterInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\SplashScreen.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Strings.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\UiInfo.xml",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\header.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\watermark.bmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\sqmapi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\SetupUi.xsd",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\SetupUi.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\SetupEngine.dll",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\Setup.exe",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB3097994-x64.exe","C:\5e700518420031083d54aa193fb538\DHtmlHeader.html",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170112051059.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9010.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\900F.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\B9FA.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FFCF.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\2613.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B03.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\BA92.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7F08.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2092.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9237.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D760.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A8F0.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7FCD.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7C43.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\404B.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\492.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\EA3E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9B34.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8BD7.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5C4E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\3C6E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0c38426a-fd06-4069-b19d-71326da1985e\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7WDPKYH5WL9F58VMHL6Q.temp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B0C.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FF58.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FEBB.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FEAB.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FE3C.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170112004021.cab",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\244bcbf230ad1b50ebdacc73383f516f\BIT1970.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b2ee889972ea842065808dffc942060f\BITA157.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\83217542302e76303148ff34a8c9443a\BITA84.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\882fc632ca6c80728f83b1d538524b81\BITE97A.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\619cccce7d39766e0346414a21523bad\BITC89D.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\53fbad0b01da1c6cba2a0693d45f49c4\BIT1846.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0434da54863cf56f98b637c6e4abff1e\BITADAD.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a34b1375954bb4200e0368bd1153f8ec\BITEBDF.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\BITC29F.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b7a9efac681c19444b5585334c11f64\BITC941.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4af4ea6289f46c73b169c4abd042daca\BIT961E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\413959ad3cb518fc449c5905d21425ce\BITE7B.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\066bbc2c853ceba54b2abb11fb01551e\BITC16B.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c232671594387b24f0d0aafb45313ef\BITAD19.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e72d85ebbc9ccae2f9a876f175b54abe\BIT96A1.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c18bc74c27a7e3d1c83eebd3fbc6f0ce\BIT85CE.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8a87e733a4d8f021bdd07e69f0f7bab2\BIT6967.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a52c7c744b8edd485193b567ca565cdd\BIT48AB.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\BIT3CD7.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a34b1375954bb4200e0368bd1153f8ec\BITD97E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\BITB4C8.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35935f37c81f2ba4a915b91ed6ff9b38\BIT9C95.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4f7b85ca318c362cd4ea678713036aa1\BIT64A1.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\73ab49b60ebd4cdbbed3fa3e65d3bbb9\BIT5BAB.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0f7732f11570a5cffcd310a88e0fff64\BIT4CDA.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5c655a10b1fea23613d7edac2bf5d086\BIT4644.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\BIT3783.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4ad8ef39015294ba79f5e57a03a092d5\BIT2B7F.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7706f882dac85fdf7ce9fca630d337fd\BIT22A3.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\eddecd23b6c981630f1e36feb0c7a319\BIT338D.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1b998fc749cd19e2afbd9230f0f26e91\BIT2837.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fc61d57436a1827a64a002e41cf6f6ef\BIT1C63.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ff856efcfb81a4ef8d40ba81703e62d2\BIT16C7.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a99e9c872b4eddf6c2c1edc2e31c9e4d\BIT1292.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dbe631d2af69706609ee3cb9d7539a84\BIT9C4D.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d7a53c84cd556e9516b8b4e58e902225\BIT8A1.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b7a9efac681c19444b5585334c11f64\BIT874D.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0bca439a6e791d559c53d26ead939303\BIT76F7.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9477ff3da7baeed014e4f92d80e28135\BITF417.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\64b7fe9a811de54531a6c9a9cb2f379f\BITEFA3.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0d825e238e0f4356376b1a966e49edfb\BITDDF5.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\76c04f24c84dc6e7b13a311f775a14e3\BITD8C6.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dfab8422cfea25e1326f67c64c838b41\BITD52C.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6eaf758fbf62b3270052e4dfb88c7251\BITD107.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b44b58a3f2556633541a1c279385b4cc\BITBD55.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5cabca7e82c0d3e71ba4f423fcc746da\BITB94E.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c232671594387b24f0d0aafb45313ef\BITB3A2.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e20489b137ee762c226443040e8c0a94\BITAC9F.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a27a13b2d3c830b6986398343e92cd91\BITA214.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\24f35113bdfc98a6d6345b1d04edf62d\BIT81D6.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\73ce71adc75356a0df3116bf40bd2f32\BIT76CD.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5e98a2c868b9d6e393ef9f41aa56f6b0\BIT3AB7.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a654b059279e3b78fb07a2635394b301\BIT329B.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\749501016e2cb2e2bc9a1320faee95a9\BITD137.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fa7e333da3de016a77639f7ed822911a\BITC802.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e2339be7f87141174408da2ffc22de88\BITB378.tmp",2
"2017-01-12T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\de4be5491c774be440b01d600386784c\BITA247.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\daaab79342603347fb83197df7805d28\BIT8B5A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0e87732a5d1e915706abd395a770e86b\BIT638C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3b04deb5806ae08ab4f344916371eb49\BIT5B9F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d192e3d541a00cbe348eb3909eec694b\BIT2199.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c764b0d86f7af8a36e72ea67f5355c4a\BITF0A9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6634deda1d8e806a1efe7654e8e4901f\BITEC07.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3455deb870c595425eaf0bdcbcaeb877\BITE764.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e75edab281bce725be78f5627e47df90\BITD4AD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bbdc23bad43388a63a1f15b658fef0b1\BITCFDB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e905e1e210ffc2b275129289677e39e1\BITCB48.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\BITC6F4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6cd067d9956eb9a18c8497366f2715b4\BITB823.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\05b0032e6cbec120860f053eebc3065d\BITA06C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\158e7d009563cb2d0ea5711c6ed31e73\BIT6DF6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3dc28a2cfe67324389ce5d3b023081ef\BIT6934.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7c03b7d582ff5efb46cc0d8b93a46c49\BIT5025.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\80433f21628a7aeddc1f3230409672e4\BIT3D3E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a57f7fbb06a296e358067a0fe0292db9\BIT2FA5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\37e8cd4aede66eafa8539727217c5ff8\BITFB5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\26cd991eaeddd5f3e380bb49c82ce6e2\BITC2B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ab43683f714f7a372ad4b903021361cb\BIT3D0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\70bf659b42dfee7640ed0c15607040d0\BITFFD9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e2b0f41c346337c3ff8848035557ba49\BITF55D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\13a8f7ac0247b6b83394d5f547edeb29\BITED8F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b7a9efac681c19444b5585334c11f64\BITE8FC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\51baf24a05f64c377323a1543dd54e8b\BITDCFA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\014254961a4f5da52da40c45564f3e34\BITD903.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7e3339a9235f44d9f723bb3b3798562e\BITCDAC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\34f40659e4b64e23c2ca85762031ee08\BITC8FA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\715fa40cbb3cea2394fd352daa700691\BITC264.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9990c55a4c6df539794640f4ae010e97\BITBE5D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\BITB94D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8665b60e4f62768b90a2d1935c012cd8\BITB067.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\55e7686e811cd1c78072ea598502701a\BIT546D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0bca439a6e791d559c53d26ead939303\BIT40CB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cd498623c55e8572d01d60ddd454ff1b\BITFBC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77cf6a6767cba1b1e1e680663af7cbfb\BIT3AA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c88e7a6b727c2c43b674b63d8e8e06cd\BITE955.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\638eb56e09eb134b6fd627cb348d8456\BITAAEA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\01a053980903f39e9f451d8bfef18d94\BITA58C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20170111235217.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\9482F4B4-E343-43B6-B170-9A65BC822C77\sls.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\9482F4B4-E343-43B6-B170-9A65BC822C77\sls.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QVLZZIW0QHQRFVZVXK5R.temp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A40CFCBB9344cf3AF7F53BD1A42465F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5ABC014A20484e259C98845191756945.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B569E6D848E4859909592BE7C86C9B5.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9C2CBC62F054e48872BEE4CE152C3FB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD71BBB9359E408b9F0384E3D1486421.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58A82F0C4F91412eB5F8805F285BC3A7.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2a83999e66d2ad62235b2a28b46ab125\BIT5826.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98fc0d7a5d8c614b0d27c725e44c77c3\BIT4ABC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\727b1dce406a6f5e5084e9bd595c5cb9\BIT45BC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11f0b3b6fe38c110839599a876dde97f\BIT33FE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7f4f5de444e319898f10bd6094c673ca\BIT2F9A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c423fa7b086e3956438d7e440b22d30e\BIT2C10.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cd498623c55e8572d01d60ddd454ff1b\BIT2819.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1345c520dafdf1d8462d2a497a59d282\BIT22CB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\61fcec27c6f05b4a6493d6e261d42a5f\BIT27E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77cf6a6767cba1b1e1e680663af7cbfb\BITFCD2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\46b8a3f78da9eada5bc7ee906acbe450\BITF87D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\eb2c37798dc389113b761bf80d2373f6\BITEC2D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\BITDFFC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c88e7a6b727c2c43b674b63d8e8e06cd\BITBF71.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4DD399BC63A42abB66908C06228871C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6920E48DA53A41039CE5ADA761D05FF4.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4329bded54108c1791826016746c5926\BITB67A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\777ec019facd994bdfbcbc240bb0c7d1\BITB052.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0f72864ef8c84c1ed4fb0ec9cceab7e6\BITAAE4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8E016C54C5F40848C5C102C6928BB3F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b0d470acd53a95539c1086945d0948f8\BIT7717.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3d3a58651bdb60a908343c95e052c3fc\BIT6867.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\BIT6412.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\31d74f3ff180a7c42f0667ca0cd1c97a\BIT5F22.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a27395d0ca45ed3e9e709f8b6945dae7\BIT559F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8b986d1d599b53ea26e5ba7fead0caea\BIT51B7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\80a38b2d7374bca1ae025958363e8f80\BIT2EBC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae89b49c40c7fcf2fea8d53a99c995dc\BIT2B23.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9F2E870DC2D4d3c8EBB4D61BCC22534.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e271e1a1c292920d4a25ad48dc32d277\BIT2661.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cce312828f62cfa982a90e2907a4428a\BIT2C9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\242a6ab2e0847e3cab2ff8d248b561f3\BITFBB7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC587272FD8446caB822525E15E89D3A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\af2315a5ae55ccc55a336160ee218772\BITF6F5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60F452DB774748b08351A8A51CD543A6.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a0471f7307ea21cb519ff9ca13580fe6\BITEBBE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\658e150d9bcfb3acb5c5a52be3efe778\BIT4A21.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\639b2169481efa049964677ec5be5e10\BIT27BC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\44b836e953f10e780a421d6fb4995a79\BIT9524.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5ac9fa117313bc936ecaeb0780e7a2d2\BIT82EA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9c29319af383ce64fc9a8589a49f9ac7\BIT7DCB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\564598e1bdb10b37fe28c2e558c3af32\BIT788C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d5029254a6cd7674db991525aa4a36c1\BIT5DFA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\85e3c892f4e7261a4a10326a971ce2e5\BIT3840.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\31dccad4e71aa929a049daa2f588fdae\BIT1BBA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a77593bd178399509715c2381c2bcc5c\BIT109.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8dd32a84251c20c8947b692c8dfe3685\BITF516.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\359f5c242b4017e58732c7b4b0422193\BITEF89.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0e2168f65571eee36d4530e11dbccc77\BITE896.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fea9c26fdab93206c8d1c0a29dae3805\BITDCE2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b97a241dead4513a3b93de262a5f4426\BITD18B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B850765DA9834f84AB8909F886E5BAAC.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a7896e8a857721ff3e9b7d36df46852c\BITCCBA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\38e70d24c19e2c81dc26218a23dfff5c\BITC4AD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cc828f415f7dfbb22a63ead7e6d1cc9b\BITB496.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\32f1a5f2be55cc8bf85f93f2ee4a6105\BITAECB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ecb0a451d85d54b5b3974959275b58af\BITA854.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B9CADB1DB70B4095B4AF95BF6A986B39.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB2A19F5F6A34befBAA1A84BEC582CDA.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8f84cfc29f2df25a6df681f1815c87da\BITA373.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3d3524d503bbc4cb289ee5cfecc7c6ad\BIT9C32.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\65acf3b9a807a1539fd5b9065ce17f5b\BIT9686.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8a671174f07a97cddd2df36dc30c145\BIT90DA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\162e6ff60e2959365618cc52ae55c807\BIT3D9C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\78dc9410a41f79e700ff8e5fc2c9feb7\BIT2FE5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\253ba8bb40d76190d2cf709d43069b1f\BIT2BBF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4812683c098f296c4a4e4f0c5d3f20e\BIT1D2D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5cd8ea1f9b4dc9294b737b7f480b33e6\BITFF12.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\16c24738fb9bddd21dee0b7652889e9a\BITBD50.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7f817892331f08ee549a16fd6370c926\BITB5F0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e148922f729e2075ff39561fa0dbbe4\BIT9B6D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\BIT9554.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B59BECE56E84b2690EBED1AD973CBA8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ac77bf0f2d9cee7d4a31ec8a5dabf844\BIT7841.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3862A03CFCD44748BFB9F0B989997512.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 75455FB7E2414affB99E2D02C3507343.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0afad7f3f1a8912e649fdd8d50fc7d58\BIT71CB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\be2ecb7678fc545f4adcf87b58180c0d\BIT6980.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\BIT6422.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\02a72a8439d28fdfacaf2a87da894dd4\BIT5EF3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d8fbc3bdc1674f9df5101e80e6aba248\BIT311F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1fc175e0969bac23e633c3f521c4d5fa\BIT2A89.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a2683847eed7966efdbd4575fa0a76a1\BIT34A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f08115ba732e4bb85f59f30642c6ef33\BITFE59.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\778e02e656ecd5796e5cf66d50960d1d\BITF978.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0274842ebe4930a6d36a2f86ae0dbe4f\BITDD40.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f9ea2647543fadaa1bfdee3eb48cd914\BITD747.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4cfa8942d7ea425326559492e8b8cc80\BITD13D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a840534127741b209e21cf59ebab43a4\BITCC7B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c293fb65335fa6a3500504f726aa334e\BITC836.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2b5a07b7ba4be09cd3df393a088f61a5\BITAFD5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\75f80bb9fe8cc9317aa5fc906907b4ad\BITAB42.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1df778c9e91cad44dafc1ca3bfa2eb6c\BIT92C2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e45999e0a78f08e00d9c5b009ee2dc2\BIT8D64.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E925D186897F45ccA1A346DA6C94A8E5.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 718D275935334281A54040F9F5C8BF39.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\90a4a6fd798c1e5c912d0542bd1b97e9\BIT70EE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B4896C0DAAC4b8fB7850F187DC81C95.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\febb7aa74b71e60b1094ba697ab4782d\BIT6B33.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\38bc6220fb33627c6995170a4a68b568\BIT62AA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bec88e614f93ded616992ca185201dfa\BIT49DB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d7ee0c5a999d55ac71bfe521e3b08de7\BITEBE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b2f22d326524c443a42e21a8d93ff44\BITF709.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\aeb311e69e799a436e15556cb75ed49d\BITEE8F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f37851a8590fd0c3a70626de7ae5fa8a\BITE951.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7ebd3c2445973be4c95241837838d3bc\BITE1D1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a95c34bf8be066a62e749cc8a8bafc7f\BITD533.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\eddecd23b6c981630f1e36feb0c7a319\BITC135.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1b998fc749cd19e2afbd9230f0f26e91\BITC0A8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\487a9988625bee247399e8de0312a440\BITC00B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ecb876ba538c8cd6a99ecd0fc4f3c862\BITBFBC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\576d72acd196aa5cc3c93214d84171ff\BITBF1F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fc61d57436a1827a64a002e41cf6f6ef\BITBEA1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9336c62bf535e545a18ed86ea64a663f\BITBE13.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 939023634AD64e26BDCF0A83427715D2.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F207216CBEA34d7e8A1BC448427DE626.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ABE08F150EB64c31990DD2135381DFFB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ff856efcfb81a4ef8d40ba81703e62d2\BITBD96.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a99e9c872b4eddf6c2c1edc2e31c9e4d\BITBCF9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\413959ad3cb518fc449c5905d21425ce\BITBC6B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\83217542302e76303148ff34a8c9443a\BITBBCE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286514153672225.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9477ff3da7baeed014e4f92d80e28135\BITBB41.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\64b7fe9a811de54531a6c9a9cb2f379f\BITBA94.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\882fc632ca6c80728f83b1d538524b81\BITBA16.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0d825e238e0f4356376b1a966e49edfb\BITB989.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\76c04f24c84dc6e7b13a311f775a14e3\BITB8FC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dfab8422cfea25e1326f67c64c838b41\BITB86E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6eaf758fbf62b3270052e4dfb88c7251\BITB7E1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\619cccce7d39766e0346414a21523bad\BITB744.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\066bbc2c853ceba54b2abb11fb01551e\BITB6A7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE393896E0C142968DD34BE754F39F11.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b44b58a3f2556633541a1c279385b4cc\BITB619.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35a505ac40a37cc41e2cc6140f8b2033\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35a505ac40a37cc41e2cc6140f8b2033\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29C252B2D0CB4146BE9B785ECA917535.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5cabca7e82c0d3e71ba4f423fcc746da\BITB59C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\13d4a785681829e2053adaba8f856dd5\BITB4FF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE683F1C50814a38B2A8F6ABE96F06E0.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35a505ac40a37cc41e2cc6140f8b2033\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1c232671594387b24f0d0aafb45313ef\BITB471.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286513859419778.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74F0265B08334750B81F7EE701DBA187.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 153BA5E8E30C41758C37B885756DC618.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB9B80580FD243c59C43A004C6060F99.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e20489b137ee762c226443040e8c0a94\BITB3F3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a27a13b2d3c830b6986398343e92cd91\BITB347.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\24f35113bdfc98a6d6345b1d04edf62d\BITB26B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\73ce71adc75356a0df3116bf40bd2f32\BITB1EE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5e98a2c868b9d6e393ef9f41aa56f6b0\BITB170.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0f4bb2f7c92efed92893cb539fd9a8e3\BITB0D3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43C1C14CE35946abB6E494CEB4632F89.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24E099A7CFED4b4aA96073730FEB2480.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99BFDFCB9DB7475f9AE6915EC480A15C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a654b059279e3b78fb07a2635394b301\BITB074.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7706f882dac85fdf7ce9fca630d337fd\BITAFC8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\53fbad0b01da1c6cba2a0693d45f49c4\BITAF2B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4ee758cf47868d52b1bbfd2c5f04806\BITAEDC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76EEF4C63CF5431cAA669219C3F7179E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\749501016e2cb2e2bc9a1320faee95a9\BITAE7D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fa7e333da3de016a77639f7ed822911a\BITADF0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD4E31FC433E4ca690760A5144C9377E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e2339be7f87141174408da2ffc22de88\BITAD62.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA23E79DB652477dB47E69E20281E6B8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0434da54863cf56f98b637c6e4abff1e\BITACE4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\de4be5491c774be440b01d600386784c\BITAC67.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dbe631d2af69706609ee3cb9d7539a84\BITABCA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e72d85ebbc9ccae2f9a876f175b54abe\BITAB1D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\daaab79342603347fb83197df7805d28\BITAA80.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c18bc74c27a7e3d1c83eebd3fbc6f0ce\BITA9F3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8a87e733a4d8f021bdd07e69f0f7bab2\BITA965.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0e87732a5d1e915706abd395a770e86b\BITA8E7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3b04deb5806ae08ab4f344916371eb49\BITA7DD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e668dcafea3ad64fc0b2d18d40c91a31\BITA731.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E771CD01DAB41b99A4B3FC0044BA3A7.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 376E7167467C4c34AFBF647F4AD33621.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F5B0445E2EC948448E1F9236E34E8C71.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a52c7c744b8edd485193b567ca565cdd\BITA6E2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a97a7de8ca050c7f04492ba3de663402\BITA664.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d192e3d541a00cbe348eb3909eec694b\BITA5F6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d5b29f0df23b9e2c32422dc84032dc68\BITA578.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 918EADB6D6E44a47951304055F18C54C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25E2694F6FA8475c905C8C93E6806BF5.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 524DE24ADBB340d4AB8F661650EF4757.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c764b0d86f7af8a36e72ea67f5355c4a\BITA519.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6634deda1d8e806a1efe7654e8e4901f\BITA4AB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3455deb870c595425eaf0bdcbcaeb877\BITA3EF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a34b1375954bb4200e0368bd1153f8ec\BITA371.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e75edab281bce725be78f5627e47df90\BITA303.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bbdc23bad43388a63a1f15b658fef0b1\BITA275.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e905e1e210ffc2b275129289677e39e1\BITA1E8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11bbf576fa0506e2fb58f4f4bafa0f59\BITA15B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\16be77b682de5f7723de0e2361280b1c\BITA08F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1BB5B3BB2DA24739AA4F75AA58DC5339.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6cd067d9956eb9a18c8497366f2715b4\BITA001.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A92AD971651A42b09F29C4B805BC56B8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 472D6087500340dbB0EEE29828D3F87C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fba93083fca1a33440412fdcc9685b66\BIT9F74.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\05b0032e6cbec120860f053eebc3065d\BIT9E89.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35935f37c81f2ba4a915b91ed6ff9b38\BIT9DEC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1a45dbc5ec27a823e022b5c2b26f8824\BIT9D7E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\158e7d009563cb2d0ea5711c6ed31e73\BIT9D00.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3dc28a2cfe67324389ce5d3b023081ef\BIT9C92.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4f7b85ca318c362cd4ea678713036aa1\BIT9C23.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\73ab49b60ebd4cdbbed3fa3e65d3bbb9\BIT9B96.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A1666FB178F24bb0A4BC6C81E81FD54E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7c03b7d582ff5efb46cc0d8b93a46c49\BIT9B09.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0f7732f11570a5cffcd310a88e0fff64\BIT9A7B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2b57ea50fcbcb81d9c4a9479a9f166ae\BIT99FD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8B31056FF5A8456d8259030CA1DFFE2C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5c655a10b1fea23613d7edac2bf5d086\BIT9980.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 00DB7C6BE86543eeA45107FDFFCD95BA.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f258d79b4dc7a02b928f08d12efd1004\BIT9921.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\80433f21628a7aeddc1f3230409672e4\BIT98B3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\24c893ec620f93cab05a529e65a5a4b1\BIT9825.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a57f7fbb06a296e358067a0fe0292db9\BIT9798.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4ad8ef39015294ba79f5e57a03a092d5\BIT972A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9ef39d94683710b2f858ac4fe1cb750d\BIT96DB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\37e8cd4aede66eafa8539727217c5ff8\BIT969B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\26cd991eaeddd5f3e380bb49c82ce6e2\BIT95AF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d7a53c84cd556e9516b8b4e58e902225\BIT9512.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\87f09bffa1f761eda7f60526bcb2649a\BIT9495.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ab43683f714f7a372ad4b903021361cb\BIT9446.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\70bf659b42dfee7640ed0c15607040d0\BIT93B8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e2b0f41c346337c3ff8848035557ba49\BIT933A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\13a8f7ac0247b6b83394d5f547edeb29\BIT92DC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b7a9efac681c19444b5585334c11f64\BIT925E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\469d8313de7120f14516ea4d8a395f38\BIT91E0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3FD936278390476bA1CF58A6A239D83E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6C8247A271C4774871A0AFDFE3C5848.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4EDB6AE10714212BEB7F69AE4E43993.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\51baf24a05f64c377323a1543dd54e8b\BIT91A1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\014254961a4f5da52da40c45564f3e34\BIT9133.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7e3339a9235f44d9f723bb3b3798562e\BIT90C4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\34f40659e4b64e23c2ca85762031ee08\BIT9047.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\496f16a0fdf9d2a7e125b13bc0a8b743\BIT8FD8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d782d4b9da5d0fe421f23cb6e07715d2\BIT8F7A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\715fa40cbb3cea2394fd352daa700691\BIT8F4A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9990c55a4c6df539794640f4ae010e97\BIT8ECC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\248c79ee4edd1012af3b9678786a1064\BIT8E5E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0f7ae6cfb10326911505d9b6124785e6\BIT8DF0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fef322b54fc575b268e72e6740e7dbda\BIT8DA1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E352BD7CABE84bbeACD231B4D78C6847.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6115ACDC8A0D4eb8B7C4CE53A2D1BB38.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8BF6DB86CE14322B0136BBCA90963F6.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8665b60e4f62768b90a2d1935c012cd8\BIT8D33.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\638eb56e09eb134b6fd627cb348d8456\BIT8CB5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\01a053980903f39e9f451d8bfef18d94\BIT8C56.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b2ee889972ea842065808dffc942060f\BIT8BF8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2a83999e66d2ad62235b2a28b46ab125\BIT8B7A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\55e7686e811cd1c78072ea598502701a\BIT8B0C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2065f46e9c2650b6ab895b0fc2de5f46\BIT8AAD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a56dbc416faee10d96bce96e734760d7\BIT8A4E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11cf58fc4b92d5235c9201eb8ef549d2\BIT8A0F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98fc0d7a5d8c614b0d27c725e44c77c3\BIT89C0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 797974C5EBE14985AF0FEE67777E7C9E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\727b1dce406a6f5e5084e9bd595c5cb9\BIT8971.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0bca439a6e791d559c53d26ead939303\BIT8903.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ACC08DC172354612A7C8EB877999C3C2.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11f0b3b6fe38c110839599a876dde97f\BIT88B4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7f4f5de444e319898f10bd6094c673ca\BIT8855.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c423fa7b086e3956438d7e440b22d30e\BIT87F7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cd498623c55e8572d01d60ddd454ff1b\BIT87B7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a24981ecf1b67012a3f8cce464d42bde\BIT8768.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 498F44B9AF1C4a4681A2B30E97751C43.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8c373c17a2524a0a800e13448353d609\BIT870A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1345c520dafdf1d8462d2a497a59d282\BIT86AB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\61fcec27c6f05b4a6493d6e261d42a5f\BIT863D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d61c3844f7bfe776e1ad8452d415f38a\BIT85EE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e7d0b6ac9f2f2d87eff9cc7154faab59\BIT85BE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA93E97B0F9E439d8030B0D37834738F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9D140C2965A4ad580A5D0AFA55A256A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A760A60EDDA47b688B130C9D0CF1D20.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77cf6a6767cba1b1e1e680663af7cbfb\BIT858E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\46b8a3f78da9eada5bc7ee906acbe450\BIT8530.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\eb2c37798dc389113b761bf80d2373f6\BIT84E1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\319d4d91727b725c7b2164ca94f47db9\BIT8492.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4006fe3e52de2cef115b6920249e7949\BIT8462.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c88e7a6b727c2c43b674b63d8e8e06cd\BIT8432.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4329bded54108c1791826016746c5926\BIT83E3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\777ec019facd994bdfbcbc240bb0c7d1\BIT8384.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8A8845E708140168B683B7AC00B24A5.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0f72864ef8c84c1ed4fb0ec9cceab7e6\BIT8326.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7031D74626C483aBB2924D23F55D599.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44D0736727134d17A80B6A82E56E2B59.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b0d470acd53a95539c1086945d0948f8\BIT82D7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3d3a58651bdb60a908343c95e052c3fc\BIT822A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b1ef4dbfb5e587165252a74cde52662f\BIT81CC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\31d74f3ff180a7c42f0667ca0cd1c97a\BIT7F89.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6bb360d14989725fe02d659043292406\BIT7F5A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a27395d0ca45ed3e9e709f8b6945dae7\BIT72FA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF3C9E2C3291403dBFDD09CB73E063B4.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8b986d1d599b53ea26e5ba7fead0caea\BIT72BA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1CE45F9986C48fcBC2627526C953C55.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8758487E8F14636ADA7B075F8C8DD0F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\80a38b2d7374bca1ae025958363e8f80\BIT28FC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ae89b49c40c7fcf2fea8d53a99c995dc\BIT28DC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e271e1a1c292920d4a25ad48dc32d277\BIT28AC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cce312828f62cfa982a90e2907a4428a\BIT288C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\242a6ab2e0847e3cab2ff8d248b561f3\BIT285C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\af2315a5ae55ccc55a336160ee218772\BIT282D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a0471f7307ea21cb519ff9ca13580fe6\BIT280C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4055AF42D2384f1c894CFC6D7F4BDA4D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18CDFA51CD0F4a82AF886816DDA33D49.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 28BF867BF9EA432f914CAA1DAA0FA868.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC3F2AEF538F4949A71ADEF004DDB6A2.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48B7BAC3225F45558F18FD1B999CE9E7.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD039C91D6E34affBB635FF33D883D34.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286510480025065.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\658e150d9bcfb3acb5c5a52be3efe778\BIT27DD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 766E9DFC6D9840c48C151FBDDDCAED8F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88BE26C363144ba0BFF1D29E7B766419.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0401C479DDC4e6883FEB56B30CB5A13.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D441FE0EA08429586497E4B839C074C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A0FB82BFD4324b1087ABCD2CE6349910.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57BB3762D7174100816529A1F4A68EEB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e3698c58def47b366f88a743e3d61360\BIT279C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\44b836e953f10e780a421d6fb4995a79\BIT278C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\689314aafd9a891846cc8f14da1b8870\BIT275C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8252E4A13204248B309C5C12F808C9B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9307F31D0984c9181BF53F5E80F4D67.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA9A23EC3D944fc186B97DB90C5B77A9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5ac9fa117313bc936ecaeb0780e7a2d2\BIT273C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9c29319af383ce64fc9a8589a49f9ac7\BIT270C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\564598e1bdb10b37fe28c2e558c3af32\BIT26EC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d5029254a6cd7674db991525aa4a36c1\BIT26CB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\85e3c892f4e7261a4a10326a971ce2e5\BIT26AB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4FC974F011D94ae581ADF668031007E8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\31dccad4e71aa929a049daa2f588fdae\BIT267B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fb8afe17cc8a3c429dd1d4b52e38ceef\BIT265B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 815026136EEA4d84ABBFEC987D930E18.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45B2C8BEC3A44ab6A410DFB0998073B0.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a77593bd178399509715c2381c2bcc5c\BIT262A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\275752dde6196a425da079bfc30e45d0\BIT25FB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8dd32a84251c20c8947b692c8dfe3685\BIT25DA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\359f5c242b4017e58732c7b4b0422193\BIT25BA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0e2168f65571eee36d4530e11dbccc77\BIT259A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\51a3541664ff0fbc644d66f4293c36a4\BIT2589.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fea9c26fdab93206c8d1c0a29dae3805\BIT2569.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b97a241dead4513a3b93de262a5f4426\BIT2549.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a7896e8a857721ff3e9b7d36df46852c\BIT2529.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D406B4370C694125868CD1DC6154B18B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\38e70d24c19e2c81dc26218a23dfff5c\BIT2509.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F1EB8300E1B946aaA0B7F66002F064C0.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cc828f415f7dfbb22a63ead7e6d1cc9b\BIT24E8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43788BDB22A943c1AE371803BD387F1C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\32f1a5f2be55cc8bf85f93f2ee4a6105\BIT24C8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ecb0a451d85d54b5b3974959275b58af\BIT24B7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8f84cfc29f2df25a6df681f1815c87da\BIT2497.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\254da68bac5ac984d7bd4130e07a4d69\BIT2467.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76EC9384E61B4de79F2CD2F108B68BB0.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 198E1A3A5E2B41d38A0F254A88E33146.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C16E710EB8F042b687ADF84FA98579C4.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484177319.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484177318.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\3d3524d503bbc4cb289ee5cfecc7c6ad\BIT2447.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\65acf3b9a807a1539fd5b9065ce17f5b\BIT2427.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8a671174f07a97cddd2df36dc30c145\BIT2407.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\162e6ff60e2959365618cc52ae55c807\BIT23F6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\78dc9410a41f79e700ff8e5fc2c9feb7\BIT23D6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\253ba8bb40d76190d2cf709d43069b1f\BIT23C5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\36b75e6628e61562d1aff50a6f63a86e\BIT23A5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c4812683c098f296c4a4e4f0c5d3f20e\BIT2395.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2ffcfd9458844f6509bf1c613c6f884b\BIT2374.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F98A4CDC70C54ba699D41EE9B30157BA.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 915DFAFD1C114313B1145039F5153901.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A1B0F7E6F8D2476895208F22C402C9C3.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5cd8ea1f9b4dc9294b737b7f480b33e6\BIT2364.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E77780005DE647269E799907EDED2A02.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C6898B4D4EE4d2b9610134ED689E285.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1664E115BB6743bb8A1427D63E6114B9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\16c24738fb9bddd21dee0b7652889e9a\BIT2344.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7f817892331f08ee549a16fd6370c926\BIT2333.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a832b37fc158da3b24bea70d654fe50f\BIT2313.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e148922f729e2075ff39561fa0dbbe4\BIT2302.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d7d9f374c3d3174b1d00ac64526faf60\BIT22E2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ac77bf0f2d9cee7d4a31ec8a5dabf844\BIT22D1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286508555305858.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 372140075B784f67A51E0936B6114686.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0afad7f3f1a8912e649fdd8d50fc7d58\BIT22B1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E2D8638ABDB47168EC23F76909AF83E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 290E7BBB0A384d4dADA30A4289B2376C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\be2ecb7678fc545f4adcf87b58180c0d\BIT2281.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5f5669621f8c3698d11867c47e73423b\BIT2271.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\02a72a8439d28fdfacaf2a87da894dd4\BIT2260.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d8fbc3bdc1674f9df5101e80e6aba248\BIT2240.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1fc175e0969bac23e633c3f521c4d5fa\BIT222F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4375AB4F73B64a3287E0B147C0A0949A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2f47734189f95683910fec5e81522b4b\BIT221F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a2683847eed7966efdbd4575fa0a76a1\BIT220E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D5A7BA6F2834c42A5470057F2A4C59D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f08115ba732e4bb85f59f30642c6ef33\BIT21FE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\778e02e656ecd5796e5cf66d50960d1d\BIT21ED.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41117E7349D647bdB69D46437C3B840A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\40a13e09e0e4a3ffd223b703edda9586\BIT21CD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\0274842ebe4930a6d36a2f86ae0dbe4f\BIT21BC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f9ea2647543fadaa1bfdee3eb48cd914\BIT21AC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4cfa8942d7ea425326559492e8b8cc80\BIT218B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e0df355c3b4e8abd1f6e31a25e46d104\BIT217B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a840534127741b209e21cf59ebab43a4\BIT216A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7664E21EE62047d3B52741441C133D24.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c293fb65335fa6a3500504f726aa334e\BIT215A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC1F9080EE464c38992789875092CCC8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A118006542A64dabBD7A00B4BBCAF0E2.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\93d72189bbcadb57cf4772be4db07ac4\BIT2139.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2b5a07b7ba4be09cd3df393a088f61a5\BIT2129.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\75f80bb9fe8cc9317aa5fc906907b4ad\BIT2118.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\1df778c9e91cad44dafc1ca3bfa2eb6c\BIT2108.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6e45999e0a78f08e00d9c5b009ee2dc2\BIT20F7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8918AA4088D24cafAACDB1E4BA52582F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\90a4a6fd798c1e5c912d0542bd1b97e9\BIT20E6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35169C151F4F44feBE7B0078364AB950.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A387FC2E47D4fb696178232BC2E7AE7.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e98df48a0981a16062178b82b2e6c356\BIT20D6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\febb7aa74b71e60b1094ba697ab4782d\BIT20D5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\38bc6220fb33627c6995170a4a68b568\BIT20C4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\bec88e614f93ded616992ca185201dfa\BIT20B4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d7ee0c5a999d55ac71bfe521e3b08de7\BIT20A3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b3d05c08380f785e07e60f3794aa219c\BIT20A2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b2f22d326524c443a42e21a8d93ff44\BIT2091.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C183EC27EBC48049E9739BFE9ADE51D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\aeb311e69e799a436e15556cb75ed49d\BIT2081.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286507593826866.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5DE1BD704A34060A8C37F4D1E2E7ECD.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f37851a8590fd0c3a70626de7ae5fa8a\BIT2080.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7ebd3c2445973be4c95241837838d3bc\BIT206F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA4D6EC1EB3B48e3B5A1D7D655DB2E8C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a95c34bf8be066a62e749cc8a8bafc7f\BIT205F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\60d2fd704b8af4633d1e92df62d225ac\BIT2000.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DC635DE100246f093CE75D1648A354E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2e7dd0d42248c01e171d97665b294663\BIT1FD0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6B945D737B343e0AEF5E5D04B0F0767.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0917A281CFA74f15B4F2EEF661BD5F83.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\efee34770b307580399448941379f2f0\BIT72AA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6bb360d14989725fe02d659043292406\BIT1FB0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\efee34770b307580399448941379f2f0\BIT264B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 81C296A3BED64c7a8CAD8780BDDE2AFB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D30025456C3645f183E8EC4DAA7503AF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C33EEFD1F8F64d308A4BEBD7E44674A3.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b9b4d95035470083b703112b8bd02293\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b9b4d95035470083b703112b8bd02293\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b9b4d95035470083b703112b8bd02293\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286506510980318.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A9C2761A360409f93A857AAF3DD2AFD.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D04A7E513BEF485d897628FF71C064BC.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F9BF103FDD048fa8A76CF0B0B4A7FFD.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFBB71CFA81F4594A3F73255A79A13F8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8DC2912953E84657B01F860E7A59E441.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE6772048CB2409b96D280753EBA821C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286506210334690.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 984ECC4DD4814f7a9ACCCB3885A5B2B4.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50132AA4484A4110A45930DE9752100D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E40DCDC3213B431095FC6C835AFA8B6B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24BB7919C1F24e8f875E6F4181E5412B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47675F52D21946d5A4F4EFD7F364A32E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286505911444617.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB0B8C588686408789B6B15553CBC455.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED2261C5F85F4f1b9D3386C68350CE18.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 82B718F2A53E4b4aBA8B6594B4760CAF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EEA641A6ECA849ffACD3267112CFC67D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F47529A097994ca5984ED2DC22193D2C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2703440196994e549CCDE61BDA9EA7FF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90F4D87901294a5682648773C92EE2C1.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26BCF4D50C89461cA1189EA8D0C9E733.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CDC39F35D1C4143BAA38DBF8634F460.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7272D988D25742288E96F3490A13DE1E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA9C0012781E418089BC0D57D777EA95.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D355B49904F84c3e9E4CDAFA3B34F413.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6B2B88143F0440594EDB515BA96BB73.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED6AF2B6CC504756B13C0C9F5346575C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484176832.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286504297898584.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484176830.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484176829.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286504276912930.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8024F0FD03F4f6cA412C2D7FD4343C9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 93874A5F54914eb695E27999FAEDC3A8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B435C642835841d7A07EBBDB81DF1B7D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT914.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484176783.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484176781.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484176781.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484176780.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484176780.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0213CA137E464414A6C0F2367F40B40D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1484176778.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286503755601129.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITF4BF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F3481FF4DD34339A1A99E14C883BF72.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBB437D89C6243c6AABAC4D147F730FF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29EE5C359FC443879989CBA9E9DAEEF3.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6BCB5729387B443d9386BEFEA2166197.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78F37815FE904ad6AA0B017412F2E011.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 033981B5036C4bd5A4BA0373E3997DEE.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB2C8B4FA7B7429c901CDC8CAAC06BAD.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B628D9A997DC4ab7BBFBFA9B1E432ACE.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB65EDDDB1FC422bA9B658F644786296.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0F9B2F8B4A54e8eAE7AEAF8F34152BA.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 921142A70F434d7eAEC0BB544F5B2337.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D63024DBDFE4c12B372D6D042FB45EA.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 09C164E4991C4a81ACE6A3AEBAA3222D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A4FB31D43ED4cf2B1C6EBD9E05E2142.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B277659C9F3B45f9905BD8E53A8BA278.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC56E40A6071478680233679016396B2.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E87B209C7BE4fd792E56734FEDD9A2E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AEC44AFDC19C4614BE9AB576FAD9C472.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C555CF99C88F4da497FBB2AEB473371D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7B0DD7F7BC14a94A0F95A41DAC974C6.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFC55069519F471eB475E8CC2BF2C296.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE2C8DE32F2848d3987A06BD5C8480E3.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45A736612C1A45438B8863C5E1A3DCF9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A42CC1492CF24340902D78F528987BDB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A98F7A8D3E844d639A697C9C0068B0F7.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0AFE4226B34A49d991BE394E7450689F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11A444FE002443d4B99D9DECB0DAB2C4.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6813C6428DA14e78A4F3558FD4FA8D52.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD3F698C561C4091849176FD48760EF6.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5121E9FA1C94343A5F9C0B6649D2BD3.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE1811FB8B8549d5A96C788BE3922DFE.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0120D6E7BF4545c1B92ACBB5E60309CF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 453A56FA7516424d86B07D59A5D11C0C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5FCE0A462313490dBB2BC7816E089071.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99BCE9BC225A47c9A062001B6B4CA384.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170111231058.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 427F8A433D314a75AA6D0D6495D7B93E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 741773177AEC4b52B78C887D4D765E8A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDB21B692A414ff2B1DB29ED5490F91A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB3DAEDCD49E4f228DB53054999E0350.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DA481255B2C46ce8C4395C0EE1DBBBB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B7A3F656AB4A4101A1075083EC3D8B6B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B66D912B0E9846e9B768D1E0693669AF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 766A9CC1BE1A4d56A690D86A20E11B13.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34BC4A58FB22408f8DDFEB36AEB28B91.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6316F2DFB8B644288BA732EC84F38B2B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 629590BCB9874e68AF49BF02B0D0A777.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 269658DCDCF94961B8253701DC108CFF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C029933FCE24050863E40D97003B9CD.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A70321871234c2e87AF8AA7A0664B82.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CF9D88AA883453083013B363839F160.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6761DF4A53644ba2B08EF269F43071F0.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBB7C77E37CE4720AD387EE74AAE91A5.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C0515888D804e39AD576E7DAD0F58CB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE14392B435D418c8CB46D1F9C5DBC17.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64950F006F2E473c8D98D2D4CD506179.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55A2021506D445dbAAE34A20AE483708.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C46FE88648B416dB7E9C262B60742B9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3D481D6DD7B4aa083CD977B66CC8660.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1EEBB705381480cB29B1A74845241D9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 37D34C352B4E4f269776A5D8617310F1.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10D21AFDE2E149df99D23F1EF71712D5.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 46E26F57191A49e18FF7178A4182D5B6.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 271F42E25F294a188CE077E7D5544F74.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64313DFECD7D48208D6006AB45B07749.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 674E541C824744569ECB543DB61216E6.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC13FDF73C904a52B096BE3191DE337C.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF62D3C592C249fdBADE1C3A48B59EFF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA2A0B61E4544bd480B7BA32B2060223.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF6DCF4804F844f082DEE313F3CEC87E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEE04BC4EB844eb98C96462FDF795569.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9816281684AE462e811A7A16E502C463.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 404257D4337B431b953EDCA91609E176.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C10D9F6F86BA479e92A6CF63A3DB4595.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 63A931D0AB87491d8240876BDC27B539.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E17D4DB8BBA24086A287EAD7CFB0AA40.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE3CF57A258C4e2eAC836C97997DED82.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD4D149CF55E41979E7E3CA2D65E8FF9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 065D1E3424D54635A73DEECAAA76E872.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11F45E30AEC34bd5BA692B414EDB6798.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76848A1E196B439cACE5928B8F6ED1C3.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71D834E49FC147abAF402A742E2EF55A.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5423F52A624E44cd9667B8D5F19D252E.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70B52674C89A447cB6A0B7C8D73A833D.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3EDFFBDC837C46e8A7B08C7A26BC880B.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3FE8F5E3319947a7ABE6AD9DC1892A18.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C03640AE60AB478dB88DFD5614D8CA46.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE59EC57D6254ba9A327FDA18659F6BF.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9EDA7F1421B24ce7805480AD34BF1D19.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD656914C47D4db3B188D25E276821C8.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286490579421242.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286490278855333.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\081df0f0679ec46a082096cd87a8bd23\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35a505ac40a37cc41e2cc6140f8b2033\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35a505ac40a37cc41e2cc6140f8b2033\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39A7B546B1D34fb9A15101614BA9D649.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35a505ac40a37cc41e2cc6140f8b2033\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D08EB0E7BF74f89BAAB525454DA15EE.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCFEB545A5BE4d9aAE78ACEF2D5EA005.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\98f63f7b9bf04cc0c3b06ed9724bb120\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5dd65e61ea9bc4c5eb1ea5e1c8770afd\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286489984858243.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b9b4d95035470083b703112b8bd02293\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36B4138F9C544681B164D77A6226F203.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7662F51039E4b2aBE095E239EE94AAB.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DADBE3AE9624c32BCF9DA599C7DB418.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2560_1600_notdimmed.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b9b4d95035470083b703112b8bd02293\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b9b4d95035470083b703112b8bd02293\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286486314623276.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286485774203322.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\77d3eee407fcb994c2cae32cb4f791ea\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ce2e2f134551af45a8dfa59850310e5b\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286485474434800.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286485176301049.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131286484879644830.txt.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITB2B2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\1a4a75a2.jpg",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\175ef6ed.jpg",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484174858.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484174857.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484174856.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___1344_0819_notdimmed.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484174843.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484174843.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484174838.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT9352.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484174837.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4EB82DF5D48C41978AED6A246979E454.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16CD6D02B3C3405a84EDB02E664C3B1F.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E48A250182C14a37AB530871BE5E57B9.ppd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2FDB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8CA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DAF6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E7B1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\41FF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\53B9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AEF1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\ADD8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\96AF.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6F9E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5E5E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\488C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\217C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1BB1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FF3A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FA69.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F46F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0M32ERPXC6IZM43XI70M.temp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CA7D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C290.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C203.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C202.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\BFC0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DF37.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\DF27.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\libiconv-2.dll",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\libintl-8.dll",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\vietnamese-vni_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\vietnamese-viqr_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\vietnamese-telex_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\ukrainian-jcuken.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\ukrainian-dvorak.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\thaana.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\thaana-phonetic_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\tamil_tscii.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\slovak_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\slovak_iso-8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\slovak_cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\slovak.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\sinhala.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\sinhala-phonetic_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian_iso-8859-5.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian_iso-8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian_cp1251.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian_cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian-latin_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\serbian-latin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\russian-yawerty.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\russian-jcukenwintype.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\russian-jcukenwin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\russian-jcukenmac.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\russian-jcuken.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\russian-dvorak.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\polish-slash_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\polish-slash_iso-8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\polish-slash_cp852.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\polish-slash_cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\polish-slash.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\pinyin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\persian.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\persian-iranian_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\mongolian_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\magyar_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\lithuanian-baltic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\kazakh-jcuken.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\kana.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrewp_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrewp_iso-8859-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrewp_cp1255.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrewp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrew_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrew_iso-8859-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrew_cp1255.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\hebrew.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\greek_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\greek_iso-8859-7.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\greek_cp737.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\greek_cp1253.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\greek.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\esperanto_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\esperanto.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\dvorak.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\czech_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\czech.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\croatian_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\croatian_iso-8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\croatian_cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\croatian.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\canfr-win.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\bulgarian-phonetic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\bulgarian-bds.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\belarusian-jcuken.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\armenian-western_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\armenian-eastern_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\arabic_utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\arabic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\accents.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\keymap\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\zh_TW.UTF-8\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\zh_TW\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\zh_CN.UTF-8\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\zh_CN\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\vi\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\uk\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\sv\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\sk\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\ru\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\pt_BR\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\pl.UTF-8\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\pl\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\no\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\nl\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\nb\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\ko.UTF-8\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\ko\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\ja\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\it\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\ga\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\fr\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\fi\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\es\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\eo\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\en_GB\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\de\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\cs\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\ca\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\af\LC_MESSAGES\vim.mo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_tw.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_tw.cp950.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_tw.big5.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_cn.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_cn.gbk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_cn.gb2312.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_cn.cp936.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh_cn.18030.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh.gb2312.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh.cp950.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh.cp936.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_zh.big5.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_vi_vn.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_uk_ua.koi8-u.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_uk_ua.cp1251.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sv_se.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sv_se.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sv.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sv.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_yu.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_yu.iso_8859-5.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_yu.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_yu.ascii.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_rs.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_rs.iso_8859-5.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_rs.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr_rs.ascii.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sr.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_spanish_spain.850.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_slovak_slovak_republic.1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sl_si.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sl_si.latin2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sl_si.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sk_sk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sk_sk.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sk_sk.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sk_sk.1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_sk.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ru_ru.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ru_ru.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ru_ru.koi8-r.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ru.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pt_pt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pt_pt.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pt_pt.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pt_br.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pt_br.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pt_br.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_polish_poland.1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pl_pl.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pl_pl.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pl_pl.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_pl.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_no_no.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_no_no.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_no.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_no.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_nl_nl.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_nl_nl.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_nl.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_nl.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ko_kr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ko_kr.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ko_kr.euckr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ko.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_japanese_japan.932.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja_jp.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja_jp.ujis.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja_jp.eucjp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja_jp.euc-jp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja_jp.cp932.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja.ujis.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja.eucjp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja.euc-jp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ja.cp932.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_italian_italy.1252.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_it_it.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_it_it.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_it.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_it.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_hu_hu.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_hu_hu.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_hu.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_hu.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_german_germany.1252.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_french_france.1252.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fr_fr.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fr_fr.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fr.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fr.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_finnish_finland.1252.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fi_fi.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fi_fi.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fi.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_fi.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_es_es.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_es_es.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_es.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_es.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_eo_xx.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_eo_eo.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_eo.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_english_united_kingdom.ascii.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_english_united_kingdom.1252.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_en_gb.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_en_gb.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_de_de.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_de_de.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_de.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_de.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_czech_czech_republic.ascii.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_czech_czech_republic.1252.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_czech_czech_republic.1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_cs_cz.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_cs_cz.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_cs_cz.iso_8859-2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_cs_cz.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_cs.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_cs.cp1250.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_chinese_taiwan.950.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_chinese_gb.936.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_chinese(taiwan)_taiwan.950.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_chinese(gb)_gb.936.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ca_es.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ca_es.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ca.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_ca.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_af_af.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_af_af.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_af.utf-8.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\menu_af.latin1.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\lang\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\gvimext.dll",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\vim.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B7B9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.zh_tw.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.zh_cn.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.zh.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.zh.euc",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.zh.big5",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.vi.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.uk.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.tr.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.tr.iso9",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sv.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sv",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sr.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sr.cp1250",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sk.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sk.cp1250",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.sk",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ru.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ru.cp1251",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ru",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.pt.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.pt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.pl.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.pl.cp1250",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.pl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.no.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.no",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.nl.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.nl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.nb.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.nb",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ko.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ko.euc",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ja.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ja.sjis",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ja.euc",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.it.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.it",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.hu.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.hu.cp1250",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.hu",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.hr.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.hr.cp1250",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.hr",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.fr.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.fr",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.es.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.es",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.eo.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.eo",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.el.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.el.cp737",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.el",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.de.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.de",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.cs.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.cs.cp1250",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.cs",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ca.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.ca",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.bg.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.bar.utf-8",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor.bar",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\tutor",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\README.el.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\README.el.cp737.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tutor\Makefile",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\xcmdsrv_client.c",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\vimspell.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\vimspell.sh",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\vimm",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\vim_vs_net.cmd",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\vim132",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\unicode.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\shtags.pl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\shtags.1",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\rename.bat",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\ref",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\pltags.pl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\mve.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\mve.awk",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\efm_perl.pl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\efm_filter.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\efm_filter.pl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\demoserver.py",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\ccfilter_README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\ccfilter.c",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\ccfilter.1",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\blink.c",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tools\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\en.utf-8.sug",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\en.latin1.sug",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\en.ascii.sug",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\en.utf-8.spl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\en.latin1.spl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\en.ascii.spl",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\yi.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\spell.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\he.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\fixdup.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\cleanadd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\check_locales.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\README_en.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\spell\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\zsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\zimbu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\z8a.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\yaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\yacc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xxd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xslt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xsd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xquery.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xpm2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xpm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xmodmap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xmath.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xkb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xinetd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xhtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xf86conf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xdefaults.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\xbl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\wvdial.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\wsml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\wsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\wml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\winbatch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\whitespace.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\wget.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\webmacro.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\web.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\wdiff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vsejcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vroom.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vrml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\voscm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vmasm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\virata.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\viminfo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vim.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vhdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vgrindefs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\verilogams.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\verilog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vera.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\vb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\valgrind.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\usw2kagtlog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\usserverlog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\upstreamrpt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\upstreamlog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\upstreaminstalllog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\upstreamdat.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\upstart.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\updatedb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\uil.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\udevrules.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\udevperm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\udevconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\uc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tt2js.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tt2html.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tt2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tssop.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tssgm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tsscl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tsalt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\trustees.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\treetop.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\trasys.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tli.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tilde.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tidy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\texmf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\texinfo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\terminfo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\teraterm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tcsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tasm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\taskedit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\taskdata.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tar.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\takout.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\takcmp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tak.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tags.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\tads.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\systemverilog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\systemd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sysctl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\syntax.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\synload.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\syncolor.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\svn.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\svg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sudoers.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\strace.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\stp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\stata.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\st.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sshdconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sshconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\srec.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\squid.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqloracle.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqlj.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqlinformix.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqlhana.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqlforms.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sqlanywhere.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sql.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\spyce.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\spup.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\splint.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\spice.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\specman.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\spec.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\snobol4.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\snnsres.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\snnspat.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\snnsnet.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\smith.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\smil.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\smcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\smarty.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slrnsc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slrnrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slpspi.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slpreg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slpconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slice.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\slang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\skill.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sisu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sindaout.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sindacmp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sinda.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\simula.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sieve.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sicad.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sgmllnx.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sgmldecl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sgml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\setserial.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\services.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sensors.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sendpr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sed.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sdc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\scss.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\screen.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\scilab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\scheme.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\scala.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sather.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sass.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\sas.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\samba.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rtf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rrst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rpl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rpcgen.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\robots.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rnoweb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rng.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rnc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rmd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rib.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rhelp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rexx.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\reva.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\resolv.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\remind.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\registry.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\redif.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rebol.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\readline.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rcslog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rcs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\rc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ratpoison.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\radiance.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\racc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\r.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\quake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\qf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\python.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pyrex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\purifylog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ptcap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\psf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\protocols.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\proto.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\promela.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\prolog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\progress.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\procmail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\privoxy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\prescribe.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ppwiz.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ppd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\povini.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pov.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\postscr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pod.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\po.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\plsql.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\plp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\plm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pli.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\plaintex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pinfo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pine.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pilrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pike.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\phtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\php.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pfmain.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\perl6.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\perl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pdf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pccts.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pcap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\passwd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pascal.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\papp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\pamconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ora.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\opl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\openroad.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\omnimark.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\occam.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ocaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\objcpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\objc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\obj.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nsis.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nroff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nqc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nosyntax.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ninja.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\netrw.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\netrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ncf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\natural.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nastran.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nasm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\nanorc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\named.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mysql.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\muttrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mush.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mupad.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\msql.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\msmessages.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\msidl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mrxvtrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mplayerconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\moo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\monk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\modula3.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\modula2.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\modsim3.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\model.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\modconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mmp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mmix.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mma.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mix.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mib.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mgp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mgl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\messages.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\maxima.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\matlab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\master.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mason.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\masm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\markdown.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\maple.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\manual.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\manconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\man.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mallard.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\make.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mailcap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mailaliases.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\mail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\m4.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lynx.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lua.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lss.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lsl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lscript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lprolog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lpc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lout.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lotos.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\logtalk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\logindefs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\loginaccess.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\litestep.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lite.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lisp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\liquid.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\limits.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lilo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lifelines.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\libao.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lhaskell.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lftp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\less.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ldif.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ldapconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ld.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\latte.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\lace.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\kwt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\kscript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\kix.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\kivy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\kconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jsp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\json.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jproperties.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jovial.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jgraph.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jess.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\javascript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\javacc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\java.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jargon.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jam.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\jal.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\j.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ist.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\iss.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ishd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ipfilter.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\inittab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\initng.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\initex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\inform.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\indent.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\idlang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\idl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\icon.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\icemenu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ibasic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ia64.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\htmlos.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\htmlm4.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\htmldjango.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\htmlcheetah.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\html.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hostsaccess.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hostconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hitest.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hgcommit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hercules.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\help.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hastepreproc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\haste.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\haskell.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\hamster.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\haml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gtkrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gsp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\grub.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\group.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\groovy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\groff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gretl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\grads.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gprof.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gpg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\godoc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\go.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gnuplot.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gnash.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gkrellmrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gitsendemail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gitrebase.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gitolite.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gitconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gitcommit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\git.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gedcom.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gdmo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\gdb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fvwm2m4.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fvwm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fstab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\freebasic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\framescript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\foxpro.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fortran.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\forth.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\form.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\focexec.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\flexwiki.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fgl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fetchmail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fdcc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fasm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\fan.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\falcon.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\exports.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\expect.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\exim.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\eviews.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\euphoria4.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\euphoria3.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\eterm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\esterel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\esqlc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\esmtprc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\eruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\erlang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\elmfilt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\elinks.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\elf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\eiffel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\edif.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ecd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dylanlid.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dylanintr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dylan.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dts.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dtrace.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dtd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dsl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dracula.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\doxygen.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dot.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dosini.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dosbatch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dockerfile.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\docbkxml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\docbksgml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\docbk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dnsmasq.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dns.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\django.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\diva.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dirpager.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dircolors.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\diff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dictdconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dictconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\desktop.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\desc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\denyhosts.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\def.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\debsources.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\debcontrol.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\debchangelog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\dcd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\datascript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\d.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cynpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cynlib.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cweb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cvsrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cvs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cuplsim.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cupl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cuda.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cucumber.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ctrlh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cterm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\css.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\csp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\csh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\csdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\csc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\crontab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\crm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\context.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\config.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\conf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\conaryrecipe.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\colortest.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\coco.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cobol.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cmusrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cmake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\clojure.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\clipper.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\clean.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\chordpro.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\chill.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cheetah.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\chaskell.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\changelog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\change.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\chaiscript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cfg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cdrtoc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cdrdaoconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\catalog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\calendar.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\cabal.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\c.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bzr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bzl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\btm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\blank.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bindzone.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bib.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bdf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\bc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\basic.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\baan.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\b.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ayacc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\awk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\avra.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ave.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\automake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\autoit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\autohotkey.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\atlas.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asteriskvm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asterisk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\aspvbs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\aspperl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asn.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asmh8300.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asm68k.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\asciidoc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\art.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\arduino.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\arch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\aptconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\apachestyle.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\apache.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\antlr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ant.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ampl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\aml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\amiga.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\alsaconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ahdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\aflex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\ada.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\acedb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\abel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\abc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\abaqus.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\abap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\aap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\a65.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\a2ps.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\syntax\2html.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\xsl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\xsd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\xhtml11.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\xhtml10t.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\xhtml10s.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\xhtml10f.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html40t.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html40s.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html40f.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html401t.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html401s.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html401f.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xml\html32.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\zip.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\xmlcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\vimball.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\tohtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\tar.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\syntaxcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\sqlcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\spellfile.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\rubycomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\pythoncomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\python3complete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\phpcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\paste.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\netrw_gitignore.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\netrwSettings.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\netrwFileHandlers.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\netrw.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\javascriptcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\htmlcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\gzip.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\gnat.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\getscript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\decada.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\csscomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\contextcomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\context.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\clojurecomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\ccomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\adacomplete.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\ada.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\autoload\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\zipPlugin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\vimballPlugin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\tohtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\tarPlugin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\spellfile.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\rrhelper.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\netrwPlugin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\matchparen.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\manpager.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\logiPat.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\gzip.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\getscriptPlugin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\plugin\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\swapmouse\plugin\swapmouse.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\shellmenu\plugin\shellmenu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\matchit\plugin\matchit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\matchit\doc\tags",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\matchit\doc\matchit.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\justify\plugin\justify.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\editexisting\plugin\editexisting.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\dvorak\plugin\dvorak.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\dvorak\dvorak\enable.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\pack\dist\opt\dvorak\dvorak\disable.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\swapmous.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\shellmenu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\matchit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\less.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\less.sh",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\less.bat",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\justify.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\editexisting.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macros\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\zsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\zimbu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\yaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\yacc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\xslt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\xsd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\xml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\xinetd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\xhtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\xf86conf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\vroom.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\vim.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\vhdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\verilog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\vb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\treetop.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\tilde.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\tf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\tex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\teraterm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\tcsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\tcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\systemverilog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\systemd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\sqlanywhere.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\sql.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\sml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\sh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\sdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\scss.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\scheme.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\scala.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\sass.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\rst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\rrst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\rpl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\rnoweb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\rmd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\rhelp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\readline.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\r.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\python.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\pyrex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\prolog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\pov.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\postscr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\php.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\perl6.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\perl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\pascal.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\occam.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ocaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\objc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\mp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\mma.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\mf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\matlab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\make.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\mail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\lua.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\logtalk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\lisp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\liquid.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\lifelines.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\less.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ld.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\jsp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\json.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\javascript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\java.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\j.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ishd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\idlang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\htmldjango.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\html.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\hog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\hamster.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\haml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\go.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\gitolite.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\gitconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\framescript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\fortran.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\falcon.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\eterm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\eruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\erlang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\eiffel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\dylan.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\dtrace.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\dtd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\docbk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\dictdconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\dictconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\d.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cuda.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cucumber.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\css.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\context.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\config.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cobol.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cmake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\clojure.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\changelog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\chaiscript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\cdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\c.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\bzl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\bst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\bib.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\awk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\automake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ant.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\ada.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\aap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\zsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\zimbu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\yaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xslt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xsd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xmodmap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xinetd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xhtml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xf86conf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\xdefaults.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\vroom.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\vim.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\vhdl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\verilog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\vb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\updatedb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\udevrules.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\udevperm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\udevconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\tt2html.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\treetop.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\text.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\tex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\terminfo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\tcsh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\tcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\systemverilog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\systemd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sysctl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\svg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sudoers.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sshconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sql.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\spec.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\slpspi.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\slpreg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\slpconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sieve.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sgml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\setserial.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\services.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sensors.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\scss.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\screen.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\scheme.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\scala.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\sass.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rrst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rpl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rnoweb.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rnc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rmd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\rhelp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\reva.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\registry.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\readline.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\racc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\r.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\quake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\qf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\python.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\pyrex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\protocols.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\prolog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\procmail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\postscr.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\plaintex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\pinfo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\php.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\perl6.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\perl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\pdf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\passwd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\pascal.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\pamconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\occam.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ocaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\objc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\nsis.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\netrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\nanorc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\muttrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\msmessages.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mrxvtrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mplayerconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\modconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\matlab.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\markdown.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\manconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\man.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\make.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mailcap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mailaliases.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\mail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\m4.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\lua.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\lprolog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\logtalk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\logtalk.dict",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\logindefs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\loginaccess.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\logcheck.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\lisp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\liquid.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\limits.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\libao.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\lftp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\less.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ld.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\kwt.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\kconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\jsp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\json.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\jproperties.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\javascript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\java.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\j.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ishd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\initex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\indent.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\htmldjango.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\html.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\hostsaccess.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\hostconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\hog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\hgcommit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\help.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\haskell.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\hamster.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\haml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\grub.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\group.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\groovy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\gprof.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\gpg.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\go.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\gitsendemail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\gitrebase.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\gitconfig.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\gitcommit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\git.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\fvwm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\framescript.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\fortran.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\flexwiki.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\fetchmail.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\falcon.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\eterm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\eruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\erlang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\elinks.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\eiffel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dtrace.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dtd.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dosini.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dosbatch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dockerfile.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\docbk.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dircolors.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\diff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dictdconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\dictconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\denyhosts.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\debcontrol.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\debchangelog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\cvsrc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\cucumber.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\css.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\csh.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\csc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\cs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\crm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\cpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\context.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\config.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\conf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\cobol.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\clojure.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\changelog.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\cdrdaoconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\calendar.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\c.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\bzl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\btm.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\bst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\bdf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\automake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\aspvbs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\art.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\arch.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ant.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\alsaconf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\ada.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\abaqus.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\abap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\aap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\a2ps.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\tags",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\workshop.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\windows.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\visual.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\vi_diff.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\version8.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\version7.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\version6.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\version5.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\version4.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\various.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_toc.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_90.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_45.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_44.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_43.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_42.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_41.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_40.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_32.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_31.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_30.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_29.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_28.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_27.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_26.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_25.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_24.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_23.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_22.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_21.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_20.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_12.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_11.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_10.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_09.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_08.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_07.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_06.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_05.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_04.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_03.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_02.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\usr_01.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\undo.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\uganda.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\uganda.nsis.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\todo.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\tips.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\term.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\tagsrch.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\tabpage.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\syntax.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\starting.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\sponsor.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\spell.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\sign.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\scroll.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\russian.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\rileft.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\repeat.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\remote.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\recover.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\quotes.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\quickref.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\quickfix.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\print.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_zip.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_vimball.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_tar.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_spec.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_paren.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_netrw.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_logipat.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_gzip.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pi_getscript.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\pattern.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_win32.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_vms.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_unix.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_risc.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_qnx.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_os2.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_msdos.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_mint.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_mac.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_dos.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_beos.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_amiga.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\os_390.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\options.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\netbeans.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\motion.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\mlang.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\message.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\mbyte.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\map.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\intro.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\insert.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\index.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\indent.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_tcl.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_sniff.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_ruby.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_pyth.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_perl.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_ole.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_mzsch.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_lua.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\if_cscop.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\howto.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\helphelp.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\help.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\hebrew.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\hangulin.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\gui_x11.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\gui_w32.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\gui.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\ft_sql.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\ft_ada.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\fold.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\filetype.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\farsi.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\eval.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\editing.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\digraph.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\diff.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\develop.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\debugger.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\debug.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\cmdline.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\channel.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\change.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\autocmd.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\doc\arabic.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\xmlwf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\xmllint.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\xbuild.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\tidy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\tex.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\tcl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\splint.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\se.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\sass.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\rubyunit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\ruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\rst.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\rspec.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\rake.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\pyunit.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\php.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\perl.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\pbx.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\onsgmls.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\ocaml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\neato.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\msvc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\msbuild.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\modelsim_vcom.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\mipspro_cpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\mipspro_c89.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\mips_c.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\mcs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\jikes.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\javac.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\irix5_cpp.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\irix5_c.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\intel.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\ifort.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\icc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\hp_acc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\haml.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\go.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\gnat.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\gfortran.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\gcc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\g95.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\fpc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\fortran_lf95.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\fortran_g77.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\fortran_elf90.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\fortran_cv.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\fortran_F.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\eruby.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\erlang.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\dot.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\decada.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\cucumber.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\cs.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\context.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\checkstyle.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\bdf.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\bcc.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\ant.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\compiler\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\zellner.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\torte.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\slate.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\shine.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\ron.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\peachpuff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\pablo.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\murphy.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\morning.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\koehler.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\industry.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\evening.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\elflord.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\desert.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\delek.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\default.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\darkblue.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\blue.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\colors\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\rgb.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\vimrc_example.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\synmenu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\scripts.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\optwin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\mswin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\menu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\makemenu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\macmap.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indoff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\indent.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\gvimrc_example.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugof.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftplugin.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\ftoff.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\filetype.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\evim.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\delmenu.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\defaults.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\bugreport.vim",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\uninstal.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\README.txt",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\vimtutor.bat",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\diff.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\xxd.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\tee.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\vimrun.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\uninstal.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\install.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Program Files (x86)\Vim\vim80\gvim.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\gvim80-069.exe","C:\Users\User\AppData\Local\Temp\install.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\54F0.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\4ED7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2881.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FEF1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FB67.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F06E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\A106.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9AFD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9966.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8E4E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CHURQJW5P55N2TNK31XH.temp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6C76.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6303.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6295.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6284.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6052.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\29E2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\29C2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\33E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FAD4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RH8Q36G7VRF5N94U73W4.temp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D2D5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C379.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C30B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C30A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C0C8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8FA1.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\8F52.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\3723.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\A34C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C462.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\15EA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C930.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8EAD.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\677E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\56CA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\405C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\19E8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\194B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F239.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CB28.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9088.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\55F7.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1B76.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\F64.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F445.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CD35.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A614.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6BA3.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4473.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9F2.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\D74D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CF60.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A821.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9CBB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\97BA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\810E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\59FC.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\32EB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1185.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BD9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E4B9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BDB8.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9698.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6F87.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\34F6.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2D67.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DD5.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E6C4.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DDCE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B046.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AC30.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\851F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6F6C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4A7E.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\2DD9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FAE.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\8f6e4ce6-bc4e-40d4-970e-092eb658cb71\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F04B.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C64D.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\BC7C.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z44J1XJ2WC2UVBRH1GJL.temp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B612.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8DF9.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8DAA.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\861A.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\85CB.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7B4F.tmp",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\v6-win7sp1-wuredir.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\Packages\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\Packages\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\Packages\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupHandler.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320.mum",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2017-01-11T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\9b730936-c8d5-4193-b8bc-0d8593ca8994\mpengine.dll._p",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\9b730936-c8d5-4193-b8bc-0d8593ca8994\mpasbase.vdm._p",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\9b730936-c8d5-4193-b8bc-0d8593ca8994\mpasdlta.vdm",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe","C:\Windows\Temp\9b730936-c8d5-4193-b8bc-0d8593ca8994\MPSigStub.exe",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cc3e7da05e74e49404bde50aeff2d489\BIT17D7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6044.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6033.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\5CE8.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Q8D3A6PHA2LIMH6OSNB0.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2918.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2179.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2149.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2138.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\20F9.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3CC3.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3CB2.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\3CB1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\A9D4.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A550.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\7D27.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\f5613423-2378-4719-9a8c-5e164bc7469b\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1C90.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SBSWYVCA3SCCE43OK66T.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E8A0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E140.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E0D2.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E0D1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E0A1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AB13.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\AAF2.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\91A7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E44.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\Logs\CBS\CbsPersist_20170110065449.cab",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QOPBTWMP0G8VZKKBM2SG.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E943.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9A77.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7E7E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3D77.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\31B4.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\30C9.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SC2Q60R9HLQ10XGZP39O.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6F7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FE3F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FE00.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\FDEF.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FDB0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02A1C9075CE0464782A53D67B35F88C3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89D22A1975D040af86DAE84E6586E716.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E580BC5B68E4c598C982A94F3FD8030.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B1CABFAEE874b058ACAFDBC7823E8CF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F20A3ED6CB47427bA17C680A25006FF4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 991420BCF4B44e9a896DA0BEC9366EF5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4660424B3DF04f408AB35FAD32C7181B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7A8F7AF53CE4b85B5A2B533C4EE89D9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2DD4FA6B770416eA496E81C1F673823.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BDE7BFEA1570456cA98C71F17E943BAB.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCEF838C01314797B7ED125AE430411A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52B97A1338AE4bcb85C1D049B36CADB9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84C482C3B2F746c8AC76FE85CD91F294.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E2E5F7150C94d13A98F9DA1D7DDA978.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE298D72E5874bee87050706B8227369.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DC50952E52148ce874E5DB764D6F013.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8267F487750643518DBCAA35D5452515.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A576E8C12BF6406e994822CCD3668688.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99E128224F7048ef9BCDE8932D2CC3BA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7E11E97294B4a488809B1E6D04BEBDE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78EA81E3DE864dfe9F74FD88D7CE6B93.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58D3CC5ABABF4295A1BFB60E6BBBCF48.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FDC60D278B94cf3B7EDF184FB17F0D6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 930E85843B5E4731A8A176C071912677.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A9688DE45CA42508650E064E2F0B8C9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\regsvr32.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70FE4FAFA1744ffd82A5E66861587C13.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B823275D89C4fc9B2A1BAEA7789EC85.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCD406752A764fa2977A92B8A7FB2648.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CA70375992C47578B36221AEA258303.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8242E0BEC2642e782C56F5FAE7852BC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43E8EA6C41064589B1ED0E0D22EE941B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88BA9EDF45AC4ee2B84C38775CB94486.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4424C98F6EE243edBD7BD08A3A6C62A2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSAPI.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSRES.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSTIFF.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSWZRD.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSUI.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSUI.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\FXSDRV.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{9F23E396-9664-4D9B-982C-D7CB410ADCA2}\SET8D8C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{9F23E396-9664-4D9B-982C-D7CB410ADCA2}\SET8D8B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{9F23E396-9664-4D9B-982C-D7CB410ADCA2}\SET8D7A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{9F23E396-9664-4D9B-982C-D7CB410ADCA2}\SET8D6A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{9F23E396-9664-4D9B-982C-D7CB410ADCA2}\SET8D59.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{9F23E396-9664-4D9B-982C-D7CB410ADCA2}\SET8D39.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\tsprint.dll",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{8FBE64A1-302C-49DD-A825-32DA91C77947}\SET8C2F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{8FBE64A1-302C-49DD-A825-32DA91C77947}\SET8C2E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{8FBE64A1-302C-49DD-A825-32DA91C77947}\SET8C2D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{8FBE64A1-302C-49DD-A825-32DA91C77947}\SET8C2C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{8FBE64A1-302C-49DD-A825-32DA91C77947}\SET8C2B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\mxdwdui.dll",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A6E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A6D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A6C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A6B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A6A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A69.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A68.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A67.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A56.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A55.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A54.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A53.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{C74EA82E-A3DB-4185-B053-B920969EE333}\SET7A52.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{689401d4-c6f9-6253-0d1c-ba5c43cf2937}\SET7928.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{689401d4-c6f9-6253-0d1c-ba5c43cf2937}\SET7927.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{689401d4-c6f9-6253-0d1c-ba5c43cf2937}\SET7926.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{689401d4-c6f9-6253-0d1c-ba5c43cf2937}\SET7925.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\DrvInst.exe","C:\Windows\System32\DriverStore\Temp\{689401d4-c6f9-6253-0d1c-ba5c43cf2937}\SET7924.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\Temp\{12169fb3-4aee-63f5-f2a7-d9378b71ed3f}\SET78AC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\Temp\{12169fb3-4aee-63f5-f2a7-d9378b71ed3f}\SET78AB.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\Temp\{12169fb3-4aee-63f5-f2a7-d9378b71ed3f}\SET789A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\Temp\{12169fb3-4aee-63f5-f2a7-d9378b71ed3f}\SET7889.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\Temp\{12169fb3-4aee-63f5-f2a7-d9378b71ed3f}\SET7888.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\XPSSVCS.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\UNIRES.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\UNIDRV.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\unidrvui.dll",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\mxdwdrv.dll",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET766B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET766A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET764A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET7639.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET7638.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET7608.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET75E8.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET75E7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET75B7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET75A7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET75A6.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET7595.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{3485930A-FB35-461E-9464-71034E2E8D02}\SET7584.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PS5UI.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\PSCRIPT5.DLL",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET6406.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET6405.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET63F5.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET63F4.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET63F3.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET63E2.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET63E1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{B054FD55-F7B3-405D-AB9B-5D7DD51AD117}\SET63E0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A580AB0E169347c0AE1537126455A347.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B88D8F8174F54979B9950D832BC0586C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C439ED9E1BF24f55B0AFE94D2CF2BCB1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B702DB8628414382BFEDE54231FF7EA3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 46B132D854DC4b0f966C9057D8A27111.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41002B1D3D0E47558D456E31AB8EA9B1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET68.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET67.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET66.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET56.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET55.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET54.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET53.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET52.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET41.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SET40.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF74.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF73.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF72.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF43.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF42.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF41.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF30.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF2F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF2E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF2D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF1C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF1B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF1A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF19.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETFF09.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF08.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF07.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFF06.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETFEE6.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF6F9.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF6E8.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF62C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF5BE.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF5AD.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF5AC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF5AB.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF5AA.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF599.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF579.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF578.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF568.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF567.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF537.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF536.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF535.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF534.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF514.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF503.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF502.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF501.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF4C2.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETF4B1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF4B0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF490.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF47F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF47E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF47D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF46D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF46C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF45B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF38F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF37F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF301.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF2F0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF2E0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF2BF.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF251.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF250.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF230.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF210.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF20F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF1B0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF1AF.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF1AE.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF17E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF15E.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF0C1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF0C0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETF0B0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEFB5.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEFB4.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEFA3.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEEC8.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEEB7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETEEA7.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEE96.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEE95.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEE85.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEDE8.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETECBE.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETECAE.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEC9D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEC8C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEC8B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEC8A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETEC6A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEC5A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETEBBD.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\SETEBBB.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEBAA.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEBA9.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\servicing\TrustedInstaller.exe","C:\Windows\System32\drivers\SETEB98.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5B9B88C8954403fBB45EC367F93ECEA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD0A2EEB10DB4e74BBDFD44AFE602844.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16AC138060B74239B2AAFA09520478BE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18DD9FFA116F4f65890AFC779D38B102.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\245634cd726e4f2eda4379a210dfbe70\BITB101.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3134A651AE3B4dc3A09EFA181762DC0C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B268DC4EB0B4516934AA4DFE3704AC2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 762716E4D38B426bA6FD8F6B27C128F5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13A46D12C3844da691E4788420BB3DB1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 379D4116E61C4b278E284FA95D24DDB1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A49920A87A4E42f0951E00B38CEE53CA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 708D95D70CDC41bd83B231D58A907E6B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 830D0866CDE94f5cA420990211773D32.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D83B3D969CA94a76B9CFB7125D5AF68D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C78BF31AB8504775BC5F96C4120CF943.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9A9F187EBAB468dB370FD56C64D8F9C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC7C1BA5EAAB48b781DCAC4E642913CD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DA6DEE8AD8643eeBCF945F937412062.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D8050510F9A544c2B2DFF266B1889705.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9ECC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9D83.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\947D.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9180.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9430R09O8BLI3ZJX4YPR.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6D5A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 69BD2491F5C74415BB432D317E8ED592.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2034242BF984d93BAC8B647F91BE8EB.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DDFD783684CC41129C8860ECB2556D2D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\50A5.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4D4A.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4D0B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\4B26.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F96B2527AD664869B437C9D4590EBFF5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F25B80519984f34986E8F579941C84F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D26F1AE60D7340e4853FCCDFDF1A2FC3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 908C335967ED49fe96039C50AB9DB040.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6AC3DB0CA5B406684AA9E4CEB6EA0A7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5EF12A2637DC45eeBA9BD9F9E03E23EA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F963A3975CEB423197DC0946C45F7D76.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3146855E29C4db6A9AB4D8CB76C4EA4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0A5D221616649368DDF66FCACC6FE52.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8B1B642E98FE43a9B5D7CEC049A15236.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 829643C144614f55A58B8D5FC5FCF4ED.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2666B28682E4402dA2AAB74CA6001E3C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 00D2815A11E8481c8E93359DE922A936.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A75893CB87074473A16E873BFB1FEC93.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A15A1D02A384862ADAE929A72134700.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF26535081B64cb792813A38A6C8872C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F48F880F80A47ef80671B87988458F2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38F7874F19F74d2488AC8949E64F063F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50C9D85781FA4d8f84B70DBBA9A57AAA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDD9055BDD934e10932431EA9208CF96.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6A968BF5BA54c9eBE31D86D57BBF7BC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE3C2D43A41F4aa4989491010C439846.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7BDF17EC2ED649ca92DE566A28EDD942.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 19A3A2C46A4145a0AC238AF8A3E553B7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A57F839109454f75803F323362616D9D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2BDBC5B4E776496688D685D44AF996EB.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6C79BFECB9C495aA0ABD4AA49E6ADB7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C89AB592421C4d84928B56DA8B19AF9E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9CCF7A51215346f1B51D1DD6ACEA3F67.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E573D89F71634de192461C4FBE3C0934.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99D11142D5574023A59C171CA44A9D8C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C326825DCC024c0bA26BFEE7108A451A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ADBB9B1F7B324397A9A277B26EDF421C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F8002A5E9C548518740D2003AE36C62.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BC08E1AD1D147acB060E9E98ADE0626.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 120667556D134a4a9F190D9998F83803.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2C49A160D5442adB320167A47DE2171.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2BF58613F81045bcA31D7E48F0027BB6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 292FC377AE594c44A3BC4FE96C8A26DA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B9BDDB458584eacAE415A0782C4A13F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73099BA9035049529429CF280FA94724.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 37135ABCDAA64d57836C248E0378E648.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 66DC2B40DFDC4d9dBDB633947963E522.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB9D0DA5A1E2407fA0B060B0FBF72645.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC0591816D2F4da781E921E8449F3B8B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F31A1ECA81148fcA698315506144CAE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A36B390D0CD5413cA95FA2F3E7368E55.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38596CD5EA8843d4B6D5BFE15A9961E9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FCC1E487A2164e8c985B6DAFBB8AA0C0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 845400F096AC43b19222163B44FDBE48.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E539813E57CC40ba925FFA6E4678D9EB.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5144C4D5273040029AD2B5045408AF33.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 674BFB390ACA4828A242F11E3B2CB95D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A90867C5DE84db097D2CC5651DEB28D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 714555B7219A4cea8CB7408FC41BC761.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D5C25CC628A48799D4AFC5DB352D544.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC793BC62013466c8E6247E352C4F34D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A93BA4E1380143f29BEC23CCAE110B79.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2949D5BDFF9B4944AF6B529297699965.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB3271C7585C45cf8C7C17B40CFED945.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4A4F02A1A8F42718B16922122AA731B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E65FE6C65374e5c898202776CCDD6E5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36866CCBAE2C47788E5518A0B7EDD3AD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D59F41773A148728A507C5944C6BD93.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5FAF4C56995455cA1F188A931E1B821.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26CBFC17ADEF473c94BAEF16D87244C4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484029014.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FBA60945A95046d3B34BBF33016A8CD4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 086A734991F545b1A027572068425DD6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 459AB81595D940e6B7ECFA4CE9F483A2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26C30EBEC4394b8f941FACFE2DB040D9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 725C281193454ba6A6E90A5E53E57859.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B29021C44484dc9A46943633EFF8863.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FAB6CFC8FD2B448f8FBE768CCA17A8CC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E15FABDDD5A84fe2A322A50CB9E20E8B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27233E20FF3D4d7c8A44283A6C29C82D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2BB885C3160A4f6685D210896FDEB55C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D4211F76CD845bf86D87FBA441F122C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC606C4C24624807B563D9ED673ABFA3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 609503EDFAAB446298DB0CD2EB3286C2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F38B6445D78401283F28AAB5B3542E8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2647B75CF9354fcd9B926D21685329B5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B89A58821ABC4a1f922385845E539C53.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F57F4D2150DA473fAE48F7F2832692E7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D88E705D51634550A50E483A43859396.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D027D270194A4612BD9F69918D55821E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FFE0E0BFA1D1456a8B734BCCDDD0EF8C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 434DBD36674B459a82BE8A6477B5AEAD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54FC5FC442E44f87B4F952CF377083F9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 372F761D27424ba38625C5FE361D699B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F1274A5CFB346fd8017F608C31A446B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35DDA94583394246BE5E790CA1A39C26.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 278F8C29FEFB46a2A68894768023ED98.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C36C4B766467484bAF8FDAD73A94AEE2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A06749E91D24246A0C4AE5EDD1514A3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D467AE6F9F3406893450E5E0916AE1E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86F13B4E5B5740239644E63BDA418995.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FADCECBCB9A740b48B22F3FB2885A432.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5BA95E4294D149679BE22C44D741DEE1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F9273E97F474d7fA52AF5A4EE4C83A6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2900107EEBF4784911EE5C858CB962D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D91D61831F940e19DEC64B490E4FF38.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8005030CE0549ee9C4DF22EC36DD92A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7366F814D6B4341A56B6B8A993465D0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 186FE698A9884764A3E2100639BC1D29.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5D2CBF8B0A094c6093229E3203BDDAA0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE56B2B758E24a068FE92A623B1AF6AA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E25A847F1171469cAB53ED867D3EF734.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F48DA97077B0493f92835BDD96C8CE59.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0192383777A34de484CD5F3F934DBCF7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5190C81D9DB545da974478113BCCCCC0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2489EC136E02445fB7974963F73B92D2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16E980315AAB43449F369CAB65AF87E9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5858EF8E275849bb96E56CC14809B6A2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA3CA9E5841B45cdAE6913B93DF1F214.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 220DC45DA17840df826009DB15F7F43A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2176B1CA95B41ca91D444D6B002A3B6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE14C8F5FEEB46f6BABCF640DFE4A828.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C4510BD01ACE4c84B0E0C094278006ED.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED89883AC4DF43f3AC144DFA34417983.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 169258E679594db4830F2A5E1593A2AC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE6E758D67FF4086B37076EBBFC24037.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90A364ECC9074ab88AF4D0CD5C1D0026.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F8D49FA67A842a1802D52A73D4B09E0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D9673F1E675047faAAB3D1A899119C78.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65D43A079CF84241A897D388E8EFA8A6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B91324F4DD7546d0BF879D72D4F27A21.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4ACA94D771A94823BFB16D346A7F6BC5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18B935DECC034862A7CFF7351C02AD7B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8F3409535BB464d8F03E348EC4B2939.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D92B401DCDDA4313BD1009CB35694CBA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BAA0C7206D542a090972FD0FADE8BC9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7524F546A74D4387AC5DDE4D871A5A97.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A980DEDF97E4418884DE68AF9710EEE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B7A0AEF92214ddbAAF34A364FA9D4D4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AF5E96548BC474d9203C57C2A098323.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FBFAFD6314484d5fA56FEC8DE8432680.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\BIT2DAB.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DFFC7831EA294e2fB3F49B06F3D3E726.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 422C520C63FB4bbe892A0634031BA86E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BEEEAE9D04C1426eBE059B09556AD54A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A32F5A8035A944e3BF433BA59367B366.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D6FA199A69C4d3084F5B45AF28A0FDD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14CDBD0F36FF4b608CC8FAF47BD0F0C7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47B4A4D76F91457981ACB198A9AFC243.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5839B9DE88B4b4aB81CC9D891B41470.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C26763209CB0413494CEE79074CF61CF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB975F06AD3641bcB7B15AA03800B95A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16C56CE14C9C401d8FF70F14AE8EC360.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F7430A37F0A4ad19A5A351A6FAB97B8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E22D52021FF4142BD5FA173241BB679.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 15AD04CA930946de8AEFAADFA9B0E0E8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cbf3ecec88332e684b2fa5f4b8d83830\BIT6292.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cbf3ecec88332e684b2fa5f4b8d83830\BIT6282.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D93431837CE48079CE299742C5A0D9B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C9EF44829624199A2EF047C3CF00F49.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 23F564669D8F4c57B55DBFFF72CD7EB8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F00C17A0EF004d03B495535AE4C77059.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cbf3ecec88332e684b2fa5f4b8d83830\BIT6281.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3DBDAD624B3D428c840D3470A50D7ED4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8304B42F2BA4f45BE220C26E88814DE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1581.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\1419.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D22963BDEF7D464d8B9E3881D24AE73E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5D589D309F34087930172CC7FC8EC97.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 269C81969D0141d98C3B897F481A0CC4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\12cee825.msi",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\12cee824.rbf",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\12cee820.msi",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\12cee81f.msi",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VSDVATSAV7DCF7OX9BP5.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA5B737092C541f1A31C568C32DF0FEC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AFF6.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DECC608878B84aa2BCD6036E5723F474.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 813C253D1C504701A31E7EC3B58E6D63.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\85AB.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\78JV8WPLM96XO9TJ9227.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE5C2A61EF854cf1AC9592E14F992AB4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE86893602EE49819DE81C419061E004.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFFE102F3FB64f4a8DA6162DD49A39C0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BA4VKXLBEBT6HW4O51QU.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\a8a5a6b8.jpg",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CD2307A94434e4fB0101A467E75C57C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E41202A77D06436fBE4614D16A2046CA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1ED7F9CED06A4fc2A27E8926D71EF24A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\D8F1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A8CC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4DA3045DB204a65B6555D63B308E224.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\9B05.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9AE5.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9AD5.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WVKNUMTTXE1WH5KVXQ4A.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22ABAD8C4A3B490b9DFF1EF60236B472.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B967A7AF1B440b7B31781F943326F72.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5D73.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AA7I7IPVBJ6XRNPJP74L.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6640C6C006ED4660927812FD60C3B1AC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\tsprint-PipelineConfig.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\tsprint-datafile.dat",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\3\New\tsprint.dll",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{CD743982-F7F6-4933-B1E0-779C35698FAA}\SET53F0.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{CD743982-F7F6-4933-B1E0-779C35698FAA}\SET53EF.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{CD743982-F7F6-4933-B1E0-779C35698FAA}\SET53DE.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{CD743982-F7F6-4933-B1E0-779C35698FAA}\SET53DD.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\x64\{CD743982-F7F6-4933-B1E0-779C35698FAA}\SET53DC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48C6B97006C04aa98A8AF579F893CAAC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2931DA495E65477fA91F8A1A976B5B79.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\FFE6.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484023031.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484023031.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECBC67311E844f279585397BF1B51656.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L7LZ6YFEC058I640280N.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9ECD8076C0C1452e90EB2400A1263B29.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3DC149FB681E4f2493DFF1715AA0E571.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\ea41c14f.png",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC9901AFBA8640f6B4D0BBA0D344FAA0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 56DD947F1AB84831B02C107C7BF84670.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54E6DD32BA2C482fA9398218B6960C00.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LK7XFK8L3YN5IFW7861R.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48F270CEE0D24cd2B6F27BC4D363FCDD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C00BBC6C38ED4acc8822A6A753B6C1B7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2922.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10764F0240FD4e16A0A46CE044A27B3F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K54CPMM9Y60RW0CSBHL5.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E06A689A07864b708D92070027A9FD4B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27A7EEC5F5FE4ca19726D21388A42532.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8487AEA65B4B49ec9ABEB460345D224D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\be160b613e9734c49797bb7267177628\BIT73BC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\cbf3ecec88332e684b2fa5f4b8d83830\BIT73CD.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BDA60E7437F54ae386B614F6082C6B0F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GK4V04WQ5B6MB6QMBA6G.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BEF3624DA0C4ade87B783045B6DAB1E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a427c2d9d39b61db9d0a79004abea099\BIT73CC.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A14C04A576D467fBC2A070A60BD65E9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\034c15daa2c87d7f0fd4013048d5c410\BIT73AB.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F47D075719124bb3A827C034667A3D44.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 481ECF2BB0444ece83522A50BB25AC78.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2DC1375B57064e44899A42C5E969E59E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F8JEEQQH376OTC7ADW4F.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5B7E1BB5B2B4f039C3B913E380FFC33.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67F232709E3840cc9979FA605FAB2725.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29F10B837DC84bc1B0B48D2DDC8ECE9D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NGRSQXQTDA4NPSPR461P.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F6586E51F094edfA4D20865275C9671.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8352E5AA0D30426687DECFD6306E6B21.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 268E2D82340548908BD7F465A78E70A8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4C224B2B8D84b17B82CE22A7EF934F7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MY2WZGA4VXQEY1UGSY92.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE24CE15BD5F4ba0B20C331C8D768D84.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 93C3250363A9449b8579113DB074B992.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDFB0F4FE2CC4de89639DD91EEC44219.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F9CED5FCAC249cdAF7656EC78138FCF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 574FDA433AE04666A152CEBE168F0818.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\C8CF.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BK4UISPV4PWT5QEJMKWH.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\BITE53F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16B4E945C78C49589F1E124A932225BE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA615A1739394a4799E61F57EF90C8F4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6E8C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 042374DD8E7044f5985FC6E570A67BB2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT421F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT2423.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ZHRX8WH458575KKK8DB.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A6A862CE46E54e7dBD27DAE500D898EF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CAE4F99AB4C34a819752DEB2B47577A1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48F0D304EFA34338A5C2EC05AEBE7501.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_2956_4015\BIT692B.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A700BFB75CE4b338132B939625852ED.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\CC11.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TSX5GFI635LPWGAIFKTN.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 723B9496D5E343c3B743FDD36669464E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BDABB00EA16F42e5A7DB57937138D3CB.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT8B4C.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A27F.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9101.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\8000.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFB5294ABBD9461c922190701F31F7AA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\70B3.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 417DB1539CDC425bB5C3C8CC198CF547.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6BF1.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF739035D06B41e9B3C15CEABA7B971F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\U0Y151Y74C2NKXZQCKQO.temp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E239646D89243f7B91624E2DF0DBD2A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CB43AADCB9C49d29E082EB65A0C56AD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65E4AE78FD03459f9C0D44FE6C1CB7A2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 769AD9A4128841aa883EF40DD696CDB6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDE5DA2FCB45464d9D0C927DD8786705.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA4AA2E89AD34fb6A118CE61EFF5FD1F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4164473E15544c62A7775603637E2C58.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 964E0559F1F048988135322E6B6ADE01.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 751A74A041D94b2b97804C88CAC7371E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E45A3D6B23E41ae82BF58ECA5243DBF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0C8D3E512604da88E0E9E572DB23249.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84310C6414FF4684B76D275D2CC7B7FA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D35CB01F03C44dd3B962E856F71848DA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1DA467826F64b07B9DEC95D4215E7B6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 752F2B927F274b0986D7F2A170657B39.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A24D37270C649a7BE106D1BAE2968CC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFE868EBB42F4c3cA42A4451256A5CD4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A487FCFFDDA4904A102EACF1D6DD310.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7BF2077A2A24476381EFE05BAE004C7D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F92609CC6C9C480e9997D05AF4964E73.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36AAED1C248A46548E268BE688317CCF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9844430A5928414bAC8599F3ED7D3C26.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 361B3F5D030F4b0dAEC3FF3DB45EAB0F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A030E2C2B82048909C647003E13E539D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E22D4F334A34fd1B77348E8668A67A5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 68044E7F85A44b1eB6CCA5A6BEF2A75F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CE0425DDA06436e93B5351BFDFCA7FD.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0754211DA5640fbA003294ACFBADF03.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 609BC718634A40c4A518B45A903E5F96.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 270EFDBCE8544c2b97E0CE6954246C88.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C125E06C80144e9bA4854E29A4172E04.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 389F5E1C37BC4b3a96760605B19AFC25.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7CE751342AA4441594CE4D126707D102.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A7DA5EA7045345c38056B887F166C45B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 56CAEA2F3F3A4ab382F658642890F636.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E70F59A851DD451d9B49EB6234AA9B43.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72DF253036764852A67BFC2571789EF4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D59A4EF5173B40c6AB6BF681F1E24F3E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8D0D4CD3F13448a97F199F6443E65A0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E4DE3CE7024414bB17BF4A2FF41EE0D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 305CC616CA8F4f51986448FD3E0EE284.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3703C231CC404edcBB2F7A243AFDFF17.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0EE49D857A434c179FE5EEC4E40A12BE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCD8AC2DF8294ae391CD085308381406.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD4A3267E4FF483a96B721762E2F6B26.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34F599CF3ABE4c52AFA6052787D9A0C1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E14219C6E803441a90E896B85853854F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A78681FF41D4bb5BE77DB59A7B345D5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E370FA08EA64721A8955888B2FAF6C3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DD8D42972554670B633DB43032A8B79.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70F7BFE6B79F42a0832AA449BA225040.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D52B2423B084451B00DE1C52267B34C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38AAE50145D941c787F5D21E275C327B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD3F499EA960423981C0A123D9791A68.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CA06796CDBE4a749BCC556342ACCFBF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 164F0DA5227240259858F2E5B7308726.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A6CDDE23A1FC4002ADDA4E5B8CBEEAA5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE4126E6B74D47ce815FA48DBEC2F2C8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99F26C44DE354c68B97A43573EED86D9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE50970C77E64ecc8D2BE478875E8ADF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484022195.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484022194.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E1DEA070919A491f87D2584F30B3F613.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 69E0FE615BF94fb2A43955CF3F46804B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 497FA508736F4889AAE880E04CCDE321.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A46CBA449B764eae9989D3CF2ADA7015.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF32DF26F05C4dda8A60042507D917D2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06AE1AEF6E0B4d7a9B60824CE565299F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\imprbeacons.dat.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\eventbeacons.dat.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4F2C41D677B43c8AC06BC4EABE9E369.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C8839379123451eADF085F6A4670D9D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 722D1D7247BD40fb9926371C4E377047.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B4B3B369612841899B61DADA1DD23E83.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67DE307E262A444b931F7DD04423DE78.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C130384E452400aA3561EDEA44FF8D3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC1B9E244DF54b8fAE507EAF4B8A42F1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43B679DFFF5846a1B0DD7BFE98CB2920.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7AC6F7D96F2F4f268DEF172488FC1DC6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4101A68BD39E42f99D55BC57F03747BC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 03C06EC545E441759162796FF269D31E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD27FB182C34468aB52866988C5DF4E7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284955907794153.txt.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 200B5867AD6D4223A4908E05C656443F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1F30DDB7CE34b8b97EC1A39DEA4F80D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4AA810B4CE4A40e0BB3D5F647D0FB530.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4FA4C1F7D93F474f9601FC05FC446584.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 412EF36A0C9B49568916ED4083C6AFE9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2663190A648F4a4f9B49969805BF875B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A3A245E5F054cedB5A2863DBC959141.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C32B598BEB9949d29FB93317B8BDA96D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FBAD39B30887461aA24FE6B354A8EBF0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F11192338A3247be8F7AB76F3AA8A994.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91E7D14154584e5aBDA08F6307C7E19C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 61D17944B5BD488f8A7CD09D5027B64E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A72C338BAD2427f8A75DF46932BAF1B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D399079A9EB4b71875E8874F43B7666.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E2195B7FA6849fc99E923AC8618697C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04CBD827E9D448ea96BF874375ED3009.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C586B11F39D6452dBA2611859852201D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54D78AD649074a63AF27AE02CC4F71DE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2B851B75D3449e7860DDB0DABC722F3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 972B5B52E69248d380A1DAFC5ACAA9EF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C12FDE94E5D40feA52C373238822BAE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 039A6C8BB1F14f9d964DB87D50460A97.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64EDDF4A541D4aa4B462DF47869DE7BB.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 80754299F821438cA467CD8B56E8E4F9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1FA5178488624a70BDA8481E5D847D6F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7953213097243988B276B81F32BC731.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5736598DD0AA462784D3B693E9E0E22E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3E914652A324f8697B4270EAF0237A9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D7C5E2167004ca0894AFB1126ED9539.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8EDFAEF30EE548c1A462B7AAEBF2CF9D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0BE42372B8A14fd2B3F22DDDF20D3E4A.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 093BD34DA4C74e30BD03123BDB8877E3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C07F4EF764FF434292AE44DE819A9116.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AABF820BE72A4910B4B8CF8161F81AEE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05C35AA7062246f68F88E73338206080.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78D046C1F27541329F53A20394D42BD6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6FBA019EEB9641638D35E1DF7D80B439.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5F95C64EAF0449195E9FEA2232AD5C7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F158B6246E0F4e5a8CB7D997B4271195.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284952978932827.txt.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21E89BB845DE4d9e9F8D157F3E41452F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77C4EDA37A534207B6B3F7E63FDEA7A7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7520021110E4a6f82385C8C0D9056D6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7AAFF2C1FA549ab9A7C7C58C236B5BC.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7978C1465CCE4c36AE9405F44BAA7A60.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A177CB1B7FB414eB45B5A8346ACD5CA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 656279ECBFB248e79576A00AC25BDDD4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 580BCED443A04f2eB9B1A59AC4D068E6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25C7ED7FA0634b6eB702E2154176D4D4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1484021626.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C6A0A821B6147eeA2829DA4284C9B34.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27E68F7576434c59A71941A6971B5ED4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A4C6B54240F4ddd9D716168A2EA6C0C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8AE3B6392244e10B9EB7849C6F540D4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D019F19599B406e8CC92921D6EF3AF8.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F0D8A2A13BA462d8A6F6B713C4DE441.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F5D18752D4C54f2088915498311CDBD1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8743A51014D5446186977E9A48FA32D6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D18C007BED74816B2C450E04E9C37E3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB33EF263F07493f952911E8480DEED6.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F26B00A804694018A8114071A9A263CE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FE03DB7378A4ba59D0E6509E860AD7C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57C3D3D2386347eeAFF1456A2FC0E9B4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9BC4CFCD0D024c09841396B79DAA36A9.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFC1183446B74c219AFC1F2DF3676521.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F096E0A3A88746b89A59F74AD95CFD6F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 219AAC1E75B945b3A59DF903DE56D193.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A507FA5870504889B8D264B5BE4A72E4.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D6D0BDDBC31484597510C814BBFDC89.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CA1DDF4C5774facB5FCB3AC06F753DE.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D2FEFB69745C4e9b8B0572B49911B5B1.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41778A2E73A64e2bA274B363DD1F4A3E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6959993CAEF424d948C916CFBE2E17B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE65DA50DEAF4343A259D87E91077960.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484021444.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484021444.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0299F483336405cAC54FAEE11D49005.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8FB8820666974862B42DA9013B9817B0.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3346AFCCCEEC44c39AC0DDC23ECFDFED.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1484021416.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484014683.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C992BF65AD0447efAC918D853F07C74B.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1484014673.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1484014670.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484014666.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484014666.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484014664.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484014663.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB11DE0B8FAD4c49B839326E8A4BBA83.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E6471975DD14634B3F118D4CCC337F7.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C7A115471114acaA1BB0C448F9F179C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1484014645.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1484014644.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1484014641.~tmp",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1951B0EC4F3949daB78A2E65FD0BFD3F.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E56D371A13464d0dAAC7E6C2B2AFE6EA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5080106AA3864a12BA767FBD8BFDD2A5.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9ACD531FADA84efb904BE0E664E03C7C.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4CAA3F75A0645c7B0AFE5879AC2F3EF.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53A5A544CEFE4d7480CF5FF65B96154E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E205B407B8E24185AC372AD2693AB501.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 660FCFF6114B465d81D0169AB519F4A2.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 646F75F48ACA4907A7BB7568E1054C60.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 780F559CC33F43bf99215402899ADC13.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFCA232E37AA4e288BFAE368558EFB57.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A6DFAE903CF4146A19BD768641D845E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF7A9BB497BB445dA95610B3977ED556.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB2DC0F14B6E4a5f95D2D56F928B395E.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DD4D6A6A34F416080A1DF4B769DDE99.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F83B13052A7459a967EEA388495ACAA.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 328C8D681BC84fea88657B6763F2AE68.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6DB14A6133448a0BDB77CF4C322128D.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 843F8CBEDFC0414f99A490519A4B9465.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C559F146BF57443aAD80D4BE172716C3.ppd",2
"2017-01-10T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F7232DF38684aeeAD7DEA283B3B1587.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B3DB845AA1264167B742285CAD71EB33.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02C581AF25524df192C3843227403CFD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3543590A23374655B5274F5CC3A113D9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 59C9C413025E4ab7AA2369AAB86EE8AD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF7496FDFDD54735BBE18ED9D7CE2CC0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAE4BC86CDAF4f15B39A5AE2C1821278.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DEE837D7AA92489788A502F366F2AFDE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72EAFF7256D4493eAAA41B7B340A3ACF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4EE41C73DA694e9fAD94F9765AF672FE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DAA8E5FA0994f819117FDD74DCF4A30.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D3ABA3066DB04719B3DFEB92A9BB3CC8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 00E6A586889649beBEF7B37E1FB5136B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFFBE1B2DF8E4b4581E0DD5044140370.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB98D4B2AB9A47baAD97FCEDB81CAE8A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E208B666415640aaB373D960D3A255F0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F5A26077E99B476cAE253A9E53CA97D8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D8D951399854dd0BF34B5B7F27515A3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1484002261.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1484002259.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B7C18142795A4101A9CC7DBCA6669C1E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C9D8A6805934ea9B874E3CBCF9E6087.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 768FF85CB76848e1BD8A7E23BFBD86BA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 442EA428C3A84d46AAEE950582D486EE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AB5212452B84a66ABFC157661D5D713.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 062691C705584b3b986B242269ED9506.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05DF2A6BDE534d2eA3F90E80BFBA8253.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DDE680B5C0D643f5B06EE75200C46081.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2BDF9D7AA6A4f758BE5ABAEFDFE59A1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3CB11788AE7407187A7CAE31730020C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B20FBA60374344159ACF72743511CF12.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB2E530BD2A74300B4062BE7AEA5F074.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0959550F23C74a6eAF62DDD776D79FC4.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 183DF8A796BA43e985005FA5A91BCAE9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 66D1F2AFC31D482286AF42711F537E8E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2DCAF838CEEE43abAEAD6EEFBB200210.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDA7B7C6289A428b9341302C3C772A0C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 778D52C708294877B8EC40582C7E935D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 522F20FA38F44e75A46E57C0BDF150F3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 242321CEE8A547c9856F87F47CEAF649.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CB3801CD9B54a31B00FE20E4F6FF86B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12232224D3D04e04B3972DCBA427DF82.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FDE584CDDAC4509AA2AE0A404B15EB7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 871AC3C38C354f8d87A8F062B6C9194B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 618AA86F38A743e391D545BDCCC7C259.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 66F441C9E44B4cccA1605D02938ED5F4.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA0E3E6B80854090ACF17E5BF6EBA95E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02818EC870914bba973D50A53B6F2377.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0879B71DDC5F4c06980B745BECA93360.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF13B8BA8B5E42f081EC3777F10C498F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 284759306D6F4d048D50D65303B409D0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54B495AB2F204b83860C31A5E1741DE5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D47690F3B1AD48f89AA9D851ADEFD89E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5B897A8803D44dc98CD24C4500ECAD8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DD2BC3F57C1482b81E3477F1E93608A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 998C6805B6F0432d949D14FF5E1C86D1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5F36FBE5CE84b009066A639186FAC45.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B618036A23A140ad8DFF27657DBBFC18.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A2B3EE05221486289687D6F5BC8C4D8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B2D197429E34339B69B1D626180DAAA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87E69739634949378244BF87454E5F20.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6C53A91378F4ad689FCF832430D628D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F87B22EEE1C4ec79044E50B06488262.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C72827A39A3433f81DE1DC7448D602F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CC4B1AD921E4cdd99717C475ED89B4A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 427630257E7447aa98F5886E55361FC5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67D48B43C02944f2A656E3E9E1A1A3B8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5FCF6B83ADFD4ecbB930328EE90FB926.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F5A5C85CB6684304AC61A737D99DBF0D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 751514610D144f0e876C855539BFC247.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05F2781410AA4cd69BFD605AFBDB2182.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 032AD9B3ED094fb6B5825D02C28AE429.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF4EA54662AB4151B91F7EABA33C447B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A69A6719FC943ff8A1C085747199F05.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0B8DE56E1094c4092D875EF0F8F79FE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14A82D0F84F34dbc91EB9BC08196C13E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36725C83AF124eb89906CB95CD82D845.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D402231CDB4F47ed80E72A074579F037.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EFD60C72839E45b8B1280CB96C6F7306.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 881BA3E5322540a1AEB6DEA1A68EEAB9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E84CB2BD48AF4bb99F6070ED6F2C354E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A84A80944924670A0D36B5B844DC71D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71CEDBF6411D4435B2E360176FDCDAFA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B9758410208441eAD2924A6D02E1CB7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B79099A29263469aB41A345FF6357084.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3DBD41838D994a19A169F7EB33183ED1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C4F9CC4248E54891B3C58D85C4B0137B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2832063ACFA4180AEAC9D91D691883E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ADE31AE8436541baAFBC71E8CC1B9192.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4AF6CB72D1D468eADED66C825E23D8C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EBA52177ACA742329993E62BEBFBE112.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F548EF7CB9244e8B5C26D674DE2C0D5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2D059942FB549c0BE5AE128D1969761.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8EDA3917163943b887FEE25461FDD84B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58F40B220DC54447932993AF5EDB2F42.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DFF56AE61BC436d8070C522A871F76F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E60FE0AAE4DC42f88D7BBF2043ED6C48.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B65DFF7084845a4BFE42C2C3AB344D2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 398D49AC557847e5AC0A7FD5296EABAD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7930B3648ECD4521BD060F92A36D4352.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4849449D6E9B49cf922B35FDBA6F699C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0302FA6CAB884097845F1C57786CC74E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48176E1629E94d148AC3CD6D31C236B3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AF0DAC7648145e399653B1E60307D8E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4B2558B1F1B419a98DC37ADC7EA554B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88C98CDE1B0248328A6B607805A08856.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E0EE70B99E54e08A2939A5F48A1598C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4D409099A5D4172A3953AF083D0C7BB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 712B2F7F567E48baB7431FA03B43DAB7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FABC7425C21842d39AFFB7B5A4F4332E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F304CD1FA53F4100B5E161A2DD8A4EDC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 808B0AA33D5246668E941AD5E729C5B1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D58E3F66A9D4becAF1B707C340DAC94.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E108AC8CB9B4d17A100E55AAA2C4931.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C11128D0B004470f85F87E6D47716028.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 586492DD16A440ba8C8F899B9FFC7DFF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 488FCC10205D48c09ED09C558632A6D6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C3F0E9B47E044a6A2FC076ABEF93C7F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F19AD8E350047c4BC308A757546C949.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BA6FE538960D4a44BC9D33668BD8E7F8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CED5F3AC31BA419dB04C80B57D7D8F1F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84E568F881064b43B46626703FB8A369.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9445C07904C64232B093D09A398209D3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F89D1BDFF7E4d948837797E06563755.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3A99E75B139440fA9A128023C4A12A4.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6713AFC8242E45ccA70F2DC65EAE13A5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D49556701AE54255A914D9093300EF45.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD823D4CFC504b418B336B714AA3BE49.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A6CA1268C80741c4A344A16E20EFA9D7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E94A356BBA44fad9763739153D2C15A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D354A02670F645379C53BBFCE0304D3E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEB5374880D34a149560BBE75E737463.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33A2F18A56F346b592696EB1FB29B92E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 686B56B54D754d1b88997EF8400F1659.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE6CA2C0F0EB400b942249D9BC971F1D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E36E145E12E4c40925DC41487AB5C68.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DB5158C261E4fbbA6AA648859788A9E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7716F12A85834ec0914175B802048ECE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4ED9A8DCE3F544a198000E9CA7174F72.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6098F09B5D2B4e408E32D36969897204.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEF7A3236F484a28882A75DB6FB431CD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05D7978E97CB458eBCE534BEB998D81B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FFBC388311FE4706AAB34FEDC5B47ED3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AC840B0A51C498095C12AC0E84B52D0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D13173C6678B48e5B4804E15EEF6A590.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2560_1600_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2560_1600_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DCF544C52BDA43438EB9B3A956713579.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F4F8174F25F45a5AF04A6B90558C083.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B3D2447C5F4430a9B7581E710F2E319.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F65D8BFF8C5C47648266805B64762D80.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 230E45E79D8C46caBAA263913D8EE2AA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 889BC675F3634293A28D443F6912E987.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A953BB6B7874a7b84EB70219A741611.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F120B2D8ACE4d03B004E31FAC385035.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C625A56D3C4450f90AAC7B70E3C2A3D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 105F0EAB2AF94d0b92D5FE9180B58C92.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 618BD8FC81F44963A1652FEB092D83FE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7CA0AAB8A6741d59AFB8B197A1E7F68.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\tsprint-PipelineConfig.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\tsprint-datafile.dat",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\tsprint.dll",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2326240034F14d0cA5F7241F30EFA33B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92DD27E338DC437eA2BF84B0632AB8B0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5BF4080EBC264187A4F3D92776EC5783.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1BE5300211534c1e9B698F88411A62CC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2EBCCADACDF24cdeB109B8703B96D432.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EAF1C57D75244bc99C6401A2010521A6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT78AD.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F0CBB0265CF4f0786FED30F4EFAB21B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT1639.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC22C37DB7574ee0B1A6EA5B364889FD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA59D974F3A34658BDD3E566118E1B97.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98211EAF88CF494a87CF910B003DEFD5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT7534.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E29B075FB4E2442cBE91905F66116696.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D567912551264a659059489684779DF6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\36e9c577260e3f20cf9f8ef8a58e30aa\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5E99ED3FDA74619A50679EBDBDAD9FA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 595DF6F5B68443eeB16E9A5F2012C917.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7014C68587764fd784386B8ECB6B1390.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483997300.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483997294.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483997292.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483997291.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483997289.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483997286.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483997285.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284708848471837.txt.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT7535.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CF194A6544D45a38283BF16E6CE6101.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0AFFF6BAB5894124BC614F9FB3CC7D22.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60014F7C159347d692E5411D97BF2801.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT5431.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT2763.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3794E9FD73E64b2aAD2FCED94313E5F1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\e4925cfd.png",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C4048E374BCF4a918E615F072E7900A1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E3F47D934E3456687BF2E78EF650D90.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483997210.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483997209.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483997208.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT5B57.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483997205.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483997201.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483997199.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483997198.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483997197.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483997194.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483997191.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F40044050CF45a2BAD2306F88072515.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284707868241493.txt.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6AC3367426324853836D93F5A2A75605.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FC7F09247194e15889F308366465E79.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 330ADF249DC4412d989191185C199A7F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90B7D99963F5443b9EBF21AE77DCFF6F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70E3AFCF3A9A49e1862D31499870ADEA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DC9D1D03F8746c09DD28FC10313F2EC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 79FDCCC6313B4e329E065E537778EAB6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C43BB87C2924bc9B70AE6A53DD78038.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27B4F844E1EA48c9B02D7D519C36DBCB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99D02FBCD72444c297E6010A8B771102.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33E0EE77126542d282D3FAE02327132A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65C36E25220B4b569EA40AFCF68072ED.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5B50B8D356EF40859725AD5C7542382F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E67A01E847241f893373BD3BC72A1B2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA5EFB6638D1480088868078219BDD0B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5EC3B29E4074893A031032689D82025.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76ED3926F37844d0A02D053380573FFA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3BED1D61092949e09BFABFCB1AA45B0E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60B8049331A848b5838713931C09F35E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2770D1EB631B479aA7C1CEB58251E37D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAEE4CD303EA40b5AF958E13A3B7A2D8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 924A7ED344FB4d7aBA4E6FB494276B0A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 038E586431B340a0A5BDAAD1E9886261.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DEFDDF88D394b32B286AF2AA3468AAD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1268E8FB1C994ba3A41E4C782DBDC405.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 61CEAD464EC84794946D769A968852C5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF19FFD833994e0498ED5A7E5B802624.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A1C2C8CC97849ccB4A04C02B319E1C9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E4B739315CD4d089DE25287D2258DFF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72A0FBCAC4CD4e11876A53CC2B1CAD60.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB78E08BFC34425d8AEA0032F20A6502.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB9A0A2A20DE4e3b9C3171F2A160AE93.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B71DB5CD812C4055BE29F97691EB9E22.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E36C48E49D944b4b94C0D796E29D8609.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0AC7513B4C5D430d97AA12F71973D096.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E42E3EC367E84399A2A8606E0B018FA9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9036810DB88F47beA3F0A7E4524FABC1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C279C6652B743e592B9FFFE29942F2B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 161E0605D87C4848B6022E6A7DF70FAB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34DC5BEAB3E94b2aBEDBE57A451EA330.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3821316B5B2E4a239EB7FE5F0B4212C7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25EE027784A94ada85174388AEDF6551.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 149045B0E75A49c981514AECBDD2F449.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF5C4A5590484132A306CF6275298C03.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCE5EBDA62F44274995BCB72C32A4F32.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D899BE8C2114f468FC74ACC9358DBBB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3A88125C82A4e53888DA1F44DE10BC2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C8421265C02471bA75D74C8BC361A51.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF9DDFD9154941e4990CBC9365398E67.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A16076D6808B42eaA3CFE868E2CCAF51.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 553FE892E57844f595652E6CB0B340AF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6AE659E71B6F4887AF13CFF20B195184.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F8A7AB955DE84034A40990F9992EFFF2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E2CA1512AEC4ed6ADF7E9A05EF78249.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA8E96867F844be1B6ACF3698ACEC5F2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9625BF472F71408387898AC078A5F890.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3228EC7AA4334038A33C69C2D0C5244E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF4D98901DAA463cB3D72C14637DC947.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52EB765B315A4da6A06DDB14EA9577C0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B1052741983947fa8552F653C635FCD0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E66DC155CD3C47e29D51ECCE598A8025.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5D8B9F39049465599E1296E6F5AAEE1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85B2BDE8EC5941a9904368968758FA44.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A01BF8971D8B4739A39FD4EE0F5D4F54.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7FEDAE6A32443acBA7671B39574BA13.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C64BDC3B43A74a1dA1461858BCA034AE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 684734822D5F44ca8BF1391DDFB61A25.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B79477E247EC4842A8D76AD3017BBE6C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAE76E811350412c99AF4E7EA4F9DDD0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A24E6B1FE12487a9ECF69704E39A787.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A0204925F9884f38B40E652402FD87A9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D52F29C63268480bA52BB331D8DB39DD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A972D46579724da8992D9A2CBBA4FAD5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73EB089472704d4aAC573AA29DFB8A06.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCBA2D0024C94b4797960DA09D2877CD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC5D1DC76BAD41399C66F1F6996130D0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0872DAED353E4f90B41C48D95050D074.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5735B7E898A4387A60CFD0A60EADF01.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AEF772AB3464d0cB8A7377A0BEE4556.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 722BB133402C46a280F68B92C190E796.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECA4FD45ABA64ba5BD3F3A1BF24960D0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 408381CB837C478187FE7126EED65481.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A38EE5264D974189899DA1C106B3E4DC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 486CD94895BE4b3283D85F4EFA5616F0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D2FECE94E5DA42fdA711CEA3992E10A3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F54C02D51CD4b228DC06007896B2EA4.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47A7E463CCC24334B850B4081CDD4217.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F32E46BA182948f8B392DA7ECB6B83E5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 965AD5E16C154187A1CB708D78FBF340.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F1613F872894c289E6253C8D232A011.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA793783EE62450cA8996B5AD9387592.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E65B8A63D8C4fea9346CC433F7513B3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5120A9225288492a91907934110EC5F7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F86FD284BDF54032957595AA5CF07BA5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8FA231EAEDF14ae9B2CE1AE86DA7CC87.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E256BF1F1F8843f1A862ABEA2FD528BB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 218E882E64BA479cB3C110A283E616BF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CA7B3E4F0F64bb6898A8E19FDF662D9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF0C006DF957445998EC9BA222988B51.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA9F7B63DB864b3bA67309123C7D0D7D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54D7855C2B1946c38957CA0E9944EA6B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A983DB4A52C0420dAAB6006DDECC4AE0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B778A3EA0F5E4de191B7412D4D1C9A34.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 120E47A6E4BD489fAEC0C32000B918E3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3101164333EF46deA7BFD8C291164929.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 494A371684B84c7e80C69671834785F3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A765C8B2F5854f188284E995C3951066.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF8D8F7683114da09FD8DA31E2FDA3CE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9CE33713AEB94fee8C3DBC0552394979.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC596CE1F0A244ccAE8B5A1E65FA7EA9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 035224191A89428a86A5CE289EC8EC23.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D247AF77DE8D416e8AA383F98B07FA4F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5535C1934431474a96D9404F146723EA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1AF077BEDC3647cfB1BC679166DA8163.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 671489EB82AF4b29A96BC18A3FDC2D40.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6CEAA0DFADE4fe58CC683EBD4019407.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9967D99648404b8394D5D38D64156A92.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 007F3598F63542b9A9163578A7D8D626.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 372128AA41D9400cA2E5A76B1139B6E8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 774025F691724e779712E3038CF2B57B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 110A0B2CCA924e29A87D6C1EE9BD1BEF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5B2837BF544F4826939F0639BE95C080.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F233EC656EA47a4843D125841C049CA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E0106A5CD9494b01A69F5DA02880C29B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6AA5D66E8E7418eAD23310C64D53A77.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2357586C4BD042da9FC160419D11E709.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C361CB65746D4cd3BA26B708018AB3EB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5F1F79B748A4226BE89D8A982EEA942.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB9CCA99CF5843cfB86DF89F295EAB94.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6B1D3F539614daeB1453C3518602A0A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA519247522F4de6B04D7E7810C618B5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6ABAFB76D724d6b9ED2C5BDE589B314.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 79AC2F52986A465d878A702E098FB53A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 61979DE0B18A4c14AFDB1B6FB7DE32AD.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5DC665C770E4203B77F7214A9E6FD1D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C32550571397487890330995E63BC992.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2D7AD1BB9B44ad08E237C169CC11DF2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FDA46C60989043459B714738BD171FCF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 28B2FC14AF554aeb9AF369E33B6144C0.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A26F75A2CB02449eB5643D761352D74F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEAB5BDAAACA42c9BE283E9A23AB19B1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F6945CEE9604158AA0B760414500F76.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FD63A96F029467f89CCC4803F8CD8B1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 826576A33698416b80057F9B8FC5830C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0BAC2CE434CC4a6f86836462EA6E44EC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84F34FCECBF64ead993D185F7BE8B9EC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 526EE32A469C40a38745EE2E2A3F3ACB.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B694E949F644ce4B4182F3BCF1D04DC.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85E58D6BD3444bbe86AD4A0C871876F9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A98427FF97AB4537AC95FE7EBE689631.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5B7624B98E304c01B9DE99E1D865CACA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3160CBD84EE9456f911736A9F94ED2F5.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284510854791412.txt.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D823346CB24344c782F03B2DF1B77837.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92C718E3618C4e4cBAE9B81B7774887E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A039AF1757FE41cd8FCA78DE77B69AB6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB8D1671151340648E39F3A007B09E95.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0701051299304bdcA970DFF12817DB6D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11D2154CA94A4503A56267597B4CDEC6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C158DC7AF0BE48109DBBA7905068A2A4.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32E7ED3414724685BA515CA224DECCB9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8DA86670D5464e4fA2D7515C230E658D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 791225A703DA4469A55FB279690BEE9F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32A8D26D727C4c149672CBD34B8F876C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8B6736D4D764e15AD9821BBF6A4CD0A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F8E949EE73E343289DF289DF3C63103E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0FF32AA2077340c6B25AA9132446786A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5DD3A4BD21D44649423574CE1B4F84A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4865003D7CA408eAA5450C175A7F47E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA32D025DFD3469084A00BE556334725.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D783D405FFC240908B7047B8333B8574.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F5DD3455E3C40a49EF169F084BD13CF.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B68E1CDB1AA944918D81BCE9ECDF8F03.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31F0E1A17B5B4b73AF9FECC2BDFFBBDE.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52C79F80B8DA4ee2A90467C13C45B75C.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 30BE967C63A542c5ADC93606554961B3.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27E636FBB3724ba88B71BAFF668307D8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CE60AFDBE3A4dc9917CB0E7FCF8EE40.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 579FF112C81A4e079AF5136BE8A3F1CA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F14EB11BA7F4992BCA3AD2C6B9FB513.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3196E290B8B1406094D7E75B18BE532D.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6AB7A5C500C047f69F56E9540D835B2B.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99FB02770A824e67973FEEF93357C764.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F17984D172649abAD2E314AE00CA757.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D3428A6B6BEB48cb91A000FBF22BF51E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 46508AC7330941f88ABF7EFA396DC939.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73FCCFC3E70C493dA42ED3B218F1A40A.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 098F2372B8924ad39E3713C4324CD199.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2523FD938EF54ccdBD8FD8F4F56A3FE2.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CD1996C42CC46698F5B02DF680DF6C9.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 942C556B0B5F49a8ADE8959B433829A7.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA7936614A7B461581850454D9343BF6.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2157F7B08599488dBD1B07AA1F9204BA.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D78F6E219F54a0094DEF7C4E354E714.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C46FC4FA00B14d0bB496B0B7CF7D2616.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284504229590478.txt.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D0A389873C44631AA4B69B164278E73.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE6FB1DFBB5F46e7BB1AED0027006B0E.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 75315A34C7CF441bB394E8D6EF7584A8.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284503930582561.txt.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\11b9ab141bfeb50a4fdc36356887f3a0\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF473D4A979347228FB1F35302B07524.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITB81A.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A981B2F545144c838762F9949CD10A67.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27A5BB22475E4dc1B9D9B725AF9E1066.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6A29B3795604a53B97394D93A056092.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E949F97F4404111B7C9AA45A78866E1.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AC52F18EE4345ca951FEEDDCE86BA3F.ppd",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483976634.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483976633.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483976600.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483976599.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483976599.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483976598.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483976598.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483976594.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483976593.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483976593.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483976592.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483976591.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483976590.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131284501879732708.txt.~tmp",2
"2017-01-09T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF653F22B22B428bB51FCE9C4FD02F4E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67F40A90C6FC4bb0B9FC873D65EC2E21.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3E19538A8274325A8CED3B98D59D32B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1706C4E5AC6E43ecB215B032F8261C12.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA3D312FBB374921995BC0EC41E7E4B4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 00F2A50BEA934f429F0342359ECBD8B2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77092C633A7040fcBAE5B8B1B142F8D7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C0806B8EA3994181B601FCCA2037AABA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 713AE02565CC4743BEC3EEBC84F88ABF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BDF23A3457034e148F58EDEAB78D6E05.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78CF6C23A1B3452eB66404B0A4C0A6C0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 416C3C260B844db7A5ADB63C23A5F27D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38C7DCE5052A4d4193AE7E5AC0F470F7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D83209A7409416aBC2D9FF708A03964.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFCF12ECDE524644B3355CE621D41ACB.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF5118C51033441fAD7DE0B451459D1E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CDDB0B94839426eA6ABD70CFADF144A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 518C0D87F13645acB6F84141FD43B702.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4602C7D18B37481aB3E8407E631E7608.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC8974EF7C574d789875893B8326D60E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DAB7486AA5C4408AE391B1C18CA5D0F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 961DEF24CB944efeA54475311F1E42D1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 513D4DFD7FDB47da9CC167AEBAD963E8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2BA9311796924aaa965B1EA5A0A5FE85.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2DCBDE484624c579E4BCBC07F8FFC3D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 119833450A594fbcB26BAA021588B18D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D40D6E841AD740f7B09C7A6AC2882E60.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBB214FDC8FA46a1AB820F0A3C0630DF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B5FCD44708F4a2888888F1557E4FF07.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41F775547F79478dA62DEACD0137B80E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 323BA10B8C0A4498AF35D62962FCD384.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74D2516AD5A4470f8273552971650574.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 036A3B78B3294e87B2D229DD652C93E2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282143635352599.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA4E7DEA67BA4877A2AA5B61B4E3846F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E59674ADEA5F4638B348A50E958F4EBF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC7EC0ED55A74f1d83AD6C11C363B3F0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT49FE.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0673347D5664cbb948E9D0D2027F80C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE9DE322C2274dbe99633A35287AB996.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5EE2FBFCF0F346cf93BC1A5CBBAF54C0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\542027a2.msi",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Config.Msi\542027a1.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\5420279e.msi",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\5420279d.msi",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4696317E01147fcAD339BDEB029709F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E76A5B93C53A472b98B70AC3D3AD2EE8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1FDE4A3C5A09458fA633FEC5E1504158.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA5FE8D2D1C1423b816271029F772175.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 15DD6A0E48F541cbB1833AA4245A8D1F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 93E596F75B1B4d228B659AE8804109BA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47EEB6CE4B834226BC1469C4FF8BFCC2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 988B9CED1762417c977A1A5375DCE2A0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31B526CBD33B487080442A999E1ADF64.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48304DE7EA28452cA81AB105B5E8C0F5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8684BE82E46B4a6bB3EBCDDD2996E8A4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8ACDB509D53491a95AA4DD7251A3EBE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D14D3DF33F774661ADA919E6D0CCA08E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C14C72B018B4404b96E8BE2CE7DF1803.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21333DBF42D34ce890F36FEA13EAEC9C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6727863EA6B64c6689C43F44FB52B422.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A1A885A80F54fa98966EAB96343073F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3627F0DCC664530A3B47C7C26AFB279.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C01BB521DBD452f922D24AB7829D278.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 75DECF4E812646188CC193B073E2213B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C273332201D42fb988AD8B43EB5ABF7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITF5BB.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54F738FA59B6432eB85B17F4210FFE05.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02682AC8276C40a5A13612FEC2BF8275.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEE3752B422B4318A6600207D753CA09.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E54A028E9F5B46c891D412C3F338F473.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC4A8001AF5142fd8DB30E2E21479803.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C8250BA0E154d62B8FDC739E0484767.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47B67D0072554315BAA9D4DF0074ACF0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44823A68C3E849c99410FD177C2BE02E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A63E5CC6ED384517B1CFBDD12AC4576C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C12B254688B4063B5D301EBD7CEE83B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 076592E12C2B4d91AB9AF2B4E2796BE2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDC19B34DB70443c8E86BAE392275990.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DDFB604FC8F4a30B88466E7569BAE61.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72E2334794F84effA869D51EDC96B305.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DAAD6441837C44f09A4429387731D7AD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24EC6E281BCE45fb9C424A73CDCB8C7F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53EAD9287BB94f7aBC87057C9B641557.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF4EF1EB18FC4707B0BCA6D272170580.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 630FE623B54B4c88B14857C705358984.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E2052B7652346a6A7EDA55FC4278E84.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1732EC78CBED4c159A1981F73F11D503.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26A374838D53451fB9A41CC9B108EFBE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 80F9BD75F220414fAF11C84E964C4107.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2EC5B99AD37F4c08B66D69CB3AD57189.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 129C4A99ABD64fa5B346D1215119F9E7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F777864D40D4c56B0067841E86FDBE9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73C1D25BE0014b3eAA659096A90C6123.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C08AE54721A846169C1F6499A5FA2141.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CB981878CFE48699C76CB8DDE472C77.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 679CDAC5821A4ded980675F87E985BD3.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13A70CE081594b15B4206450900109CF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3BD2D0B67CF7434481FB56627008CE60.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E7D7551C2B94f9699CCCAE3808C4BB7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483739867.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483739866.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67720E0440E446f4A22AFF1335D94904.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8121F5AE3C034443A1AB901D4436506C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DA4BE4CE5D045dd9B7D887D9D68DB07.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB7CCB66322747a6B4BC7FAC5B0DCCFE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0493214A74124f909AC3BB98892BEEA2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E7EB4DA0AA4481b985B8FA4A58C93A5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74E7C6666A29429a97258C8692CFFFBF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E9314D19134344beB61BCD9B23E633FA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5D98D79DB375415682432346331E968B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A42B6517A21B40e9AB97880046C490E0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F805A8F90A24f4bAD14B83CEBC5A91E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41BCE28398AE48b8B06F9100FA7F6114.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8B2F40497B9C40598C46F05E8202DE8E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F8F1357AE4E40bdA1AD31EDC05A608A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A3AAE1DF8FE4a56BA0061D03AB3F8AB.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E49F0894B30441b858628E2C6B58741.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EBA53E71D1F643b99053B8FBF5BE7F06.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 15466E41C3E94240B8AB9E19366F0DDF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB783795DA62438dBBA66166F0D44A6E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B96021F26074b1aAD97E23C1F526B3F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 03018298474C46d0B5096A3D26E1CC0F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F27E66CB15FF4f97A1E81772DD90253D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35067E3B40244f229AD250C1D4AB31A3.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFA5EFB8D993463bB1132F22407F62A5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FF7D82085AC44d79AB585566CEB1D42.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D3A1512EEB514e93B27E27B287C077CA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 335D799F01A245129EEFCE966B8460E5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DB6B7B70DB6436981F827CFCC5BC454.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B4387A80CBD04ccc9141602604AF3512.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7EEA3D6AB8F4440BC867D97B59AB7CD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA7473EC2BF34589BD78560AA19E3C29.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC933521A2F64938A5488F9462C3D68E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A1CC7A3B4CB41a9909DF48453203A5F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74A6CAC540F8487f88EC206003F352F7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D90D158D025489d8E46A786DAB6E2AD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F6393F17D6A4f07A2FBB45BAA7FAB3E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 68EB73A593BD4814AB4C6456A8A9A5B1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7D68F83900C4a98B78998ED89C9F3F6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F978D0594B2A419289216E2B5A9C54CC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7086350120BA43ce86BF3DC27752329A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 42EF3DC5316F4b2187524A45F9B890C7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D05ED68E85F44d9aBDE36BBD3D790FF2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 059238408604427fA314B7AA658F200B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7ED2D3D021154c11A2C9C38AAD32702D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC4C0BF33B264bf8B2646E8C6AFE00CC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BACF738C253841dbBCE45C127C51FDEF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B17235083F6407aA70DBAC2656D63AB.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B73B9E13E2E14938A5CC7CF75FC1C864.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED8416258A90429b95F079C62C1C5A44.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5C9DC1072244ec6974274BB095758C4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4107016F8F84a5cA72446FA8BFC7FD3.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 925BB0FD058E42d59E38AD93E830D01E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DB01E65E859439f9D81050EB67B464A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8F0C2C5F104478289FA9200AE3A0164.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DBC8DB1C6924bdf907F48DB8E66DEB5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8769EFD8D3BF41c8BD02B12CD540C678.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE84D5A45C9D41f682B69D5D09E459F8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A066D5599FFB4e5e8B7983BE7EE2D58C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5CFBB54BFB34d6e8B61CD7A58577E49.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FAA2BDCFBD5429d9A49410B19F40DAE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\a2830e0d.jpg",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\f8ae7535.png",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF23F6FE53D544d4BF4C7C6C45AD9073.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B3B269BCAC884779BFFBB3C5BE866B35.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99210B344DFA4db99F775ED8991315CE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2664_1664_notdimmed.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10750CC4991F4dc99D140EF6397DD35E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 259E551388F847beAB88288A8E7C84CA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2179263E5014fd5A4D5FB61845DFE3D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B2CC0B6528C4b31B6F2F3348B8C0131.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47B5977CF79B4e0f808228BA840FBF66.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54DB17933C5647c5BAAD9F519365BCF1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DD67119973A54be18EA86CB7EA6DE69A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A977DB7E276243a683A0D4DDE641B00A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 228A4BD665CA434a9C9C604121D8C911.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5A46C133ABE4a309CC226FD34AB8B86.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F50A17A6F344891AAC5B3F03BB99CC0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1DDF49657544c3c8BB65D61454F787A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E878A654F93348dcB1FE45E04A367D3E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AF2DFA1116B476bA9D818A37AAC212A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 09E3D386B782409fBA37252D7627BC2B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DFF085C0899C4c4aAA8FF524875D4773.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A1E545C7A19D4bed9206F6A02C272712.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C98BBCF2BA24f508DEC5B4B567BCCCD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCEBCDDD5C2B4548A606A88051F7A4F4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AC9BC277533489a94FB5A45AA65961A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F9D4D088C22461aA55A23373F6FF615.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50F599AC45754269A3E6601ABDAC3D72.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 49DA75262D7948c2A85AA66898AB1337.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF33889374BA4c89A03353C47E12200D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 589DDCAE51A1438aA8FAC970A1B74AD8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 278F1F12122C46fd8797FEBB724BCAA9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF55E0FD29E04a0bA87A4CBD15502541.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BAD8DD4CF3BC49d3A700E12816BE8D07.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D865260C0FD1400292F42B96AE2F39C8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C91B2110E21242e68F0CF0EA65F85C82.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12C5EDD1E30741c3AC002FCAA29CD245.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A91127D7E60E4387866457DE2C3CC7D5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C969EFDC36B4e2dB483B8FE233274A3.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B2384A76E5D54bfe97A46DFF7D7E65F1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8C1B605E08445ccB30E5398F3FEFE06.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4BD4759B2D24e62BDB271E781399D21.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 066D7BE495224381B50D7C8837BC2D78.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4782B403EB9B411988AD33C06C3C29F7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6FD9F46975A4b058F4E93ADBC3ED841.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DDFB136355C4f9e94F8270CD6B78E04.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD4AEFC31CEC4b09A6F1FE399D23B13E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A61854EDE5E41d3AC1338303FD2C2A9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DD4EE07BFAA342a7940DACB883664D9D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D79BD2F4286F4e96A3BA74694B4FFD4F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 59DAD96316DD4d2086462480E59BF2C5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8963A50D402E4f65AFFB6DD72F735141.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95CA5A4604284686BA9BFFD6D47000CE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62076E9F14254607AF84DAABBAB1C6C3.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E370311BFCCB4fdbAD4C45E696F9E6F1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D2E4E64F06D492bB0B0EEFF21EA3236.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32F534A21B404f80B8E091802AFEC252.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D684D4997F5947878EE6632736BF2511.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 430DA0896AA74d4eAF386A1FAD7B66EA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 569157F0975A43c5A4E65D83CFB5F7FE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AEB995A8540E49bc920155676B5B52B5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 044859CE78FA4e5497782272A63B4934.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1712D871F7A240239AB71F336C66C63F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18BD94426C434218A7EFA1D6934A51F9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D3663A5D4F3498fB60BFDC5CED1991D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 435F032792234ffb9BE9A612E4714F1D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8BB8022348746b1AD6A7A2F519FAF7F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9128F8747E9C4e21A81AE30143455B44.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44B64ACC04B646e38C2A6DEFCBADC494.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A40635EBAA994cd8B65E431D33324F52.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 46BBEB20EB914d2dB2774BA07FCB8AD2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3CB0666A2A04a7cA149A20918217A36.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A6058BDDF3384a7696674D43E5CD98CD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55C9DB8185A34301AAB0453BA9391FD2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45A5BEFF4369493593E68BBAE7767E07.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 80DF62F9A223420fA6B8BF7F896ED10F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDEA0F56DEDC49b884A7882A63FD0BB5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89F4229749A24789B3A1AA384BA13645.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B3FB8B275AD043f6AE8F892D27F6756A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0128A385B6BA4a4291854404DC748F66.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 002623BF0A1E444eBFAA777E3994E9A1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBB2DB82FD6447efAF2BB811EBDCBA13.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F8471154CA7442eAAD5D068F5F0D6B7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A9D833629024e2a9649E6D11BA0084F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E072C47869984f24BD6C93AC84E15C15.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95BA6C7E2774451581C6DACB922BA0A6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C0009F0B3ED43ae84FEA1CF7BA5D6AE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85AF49A8FF374f22B4CC33E128E586CF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6EB2A0C81EC548fe80E92DBE633E07E8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67591C15FC66456bB121CE456C9B354C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86E24AEF63344b0094CD4C7D7C0A0F8B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E22F2625BC704932A402C25AC17BDD55.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFFC722AA2FE4c0690E0DD1DACBD4083.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 798BE9B81ED44c359A0A9511F7F3CC7C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 747F44C3EF8B49749C62452B788980CA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A09B00512084decBA672D14E4BDFC74.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 808952CAEF764894A813F0EB5CF6EB7B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5A17031927B462fBB9B2D44F0137E15.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E62401FD1C1F4ba981359E10C51628F8.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4DBC5786AAE4739B6BE72D44AB59179.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E71A2BF22BC54fe683207172017D3977.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B6C4477D1F54aa99D546865992D0B60.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C1C9C76BAAA4c0bA8D3AB448CD829E4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFF3BF001AEC4f81A2663F416470E806.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F40F00ED1F047ff8DD5F2A5B7BAEC24.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6ACE9AA009FD4920912A1C74EC6A361D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E847346743CD43479AAFEBC98E942DD9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7CA7562B48E4f2395FEBF7190AC9415.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB749EE3FE7544da8363F80939079628.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B22F6E921FE4acdB8F42C1E4AD675EC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FCB9542B5F2341198B93741F0A2914F7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 173BFBA749E94eee8750FBA8FBBAE63F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E4EE9BC842B40559CC0DC24E6B07999.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF2367F366D04b3a96B70769BA8B575E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 375445D1E85847daB14CC9A402A337A7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4FB10446E1CD4750945518EBFCB718EC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F94AA0DF9E140b4861D245756E7FD66.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DAB65552D54E4d5c82C521EC459AC407.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9E334F1CA48430387004D7CBC78E5AD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C10EFD368C65419d9C7B5434CD8E60BA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71887357A11D4096B53839578CD2B31B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 519EB41A696C4c0aA72111BA750BB112.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0BFCDDB6B704103BF6616557AC2D57C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A0D4912568C42bb8CD3CD92A4E36049.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29EBB75A9BF541949E39B0A7B803357A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3EED925374D47b390A794B0ADB6E03D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41A8A108AA404ffbB7AB27D128D9F453.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25758FE91A9849c9BC2E3921218E5C95.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 68653CF0D4A74aec8A66A5CA6B576FF6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 054D8A46E738466c8AE4990781B07F5B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C17D0F051034dc483D779068DC81F76.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10119270C5864c3d9960645FF6C9BC5F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 010EC32A90154934BE416B519423C83F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2AFFC7EC29254b84A49C752A34853053.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7821E9B9636041f8870E9AE8B43C8C07.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C168470333C6414cA98C298700A4EBE5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB393BC002B54aa9A276A397A6843C10.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F91688138694f90B07DEAF46EAED0CE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62AECF1658DF49f4B9C02B0F41A28B18.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA21C8A589BE474d819EE8FCF38BEFA4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 374D687043C54ce6B8061989AF65D33C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE4B698CBEA44832A182F1E3A7E61B6A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D2EBF02017E0407b925D5ED0CF97008E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2545A05066E74ee99932D46F819F54A6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A2C0071B71240ae986487696942C8C2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B06CB2ABF064bf692335DC53658DCE7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D231374A61F94f12BD7B17F186701286.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA1F5627D6A542c7ADD58EEBFCE0A684.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16712AEF7900471b9FBBFB9ACA5BE1EC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 905B3BF6FAFF4d08A1DBB97D3DD36DBE.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D8A09732C95422fBDACC289681C9BDD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3BB5CBA826F4e0c9FEB94C5A5FF09FD.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11EA49C5BF344feaA1FD4B050643FD85.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1EB78811FA564971B3D4A29F1E44D56E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14B6E1C383DD462eB8FA373FBFB7A57F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD71737DBE3B492eB5DD9DCEB3306A5C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA01B1146B13460b9569D4EF6D131BEF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D9B33391511D4a25B765FC150A1B571C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FA6A59C6B124b0b95060CA580C420D6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B688BE9E88504e9fAD9344357EEF9DEC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CAE38D236EC14902A9DA89CFF6EEBC14.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1DDABB29D0984ab087B21EDA88FBF8EB.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C48790DEE954003A838A4DD5A15763F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 209A01E797AF46849FCBE1667B036831.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A54B6611D02D4d1dA73241DE5485D837.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483736235.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F10E55C392664078A35757292A268CA9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2581705D086B4a97A7D445DFF5D67A06.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E12223977E804ba1B9733651922B5AB1.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282097741781628.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE3C776C509C45a7BBDD00F3C6975877.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5F4015C81F0404e8CE1C1175FC613C0.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B9D4D32B5ADB4d28B0272106315C40F7.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12265F018F934aaeA58E25F4E46914C9.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DAF52E5C1FE452eA62CB9E2743BFCAF.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B20E00E0E7894e94AC9472E6DE0A8E07.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483736106.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483736105.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BDA85098FD8A46b4A0BE38D562EDAB76.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50EF62A80988405490A6E7255CF6C3BC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9480B08819E04fb5854A3350EC33B8E3.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483736069.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483736069.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483736068.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD6B6D085B0A4d78B5F2916AA9B73CB4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31A5D9F171A844caABA5F1E27B9B3145.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C103E6CFA5DC4ef9AF360D6F78F2ADAC.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1483736025.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5D070A00596B409582ED30965EBFAB4F.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE5B8D9524EF4ae59A6C680F849ED88C.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA98350CA2B74a268DEFC4E1361E64C6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5797465414D4126886B5C6306C83BCA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9558CFE8260D477a95202E9A01BD70EA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B612112249548e7959C3C0714EB2405.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\bf12e2ac.png",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CE2B41CF2FE451a839DEEAEE2CFDEF2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282095010256549.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F5C9F5B6BA443e7834144B814F1E7DA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13775119C7394e32997A0964D550BB53.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f303311fc7f1e047b45479515c52a2e1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5022ce51527ae8108d977846c4b06a28\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\26363451e59624eddcdaaf65e95e152a\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\26363451e59624eddcdaaf65e95e152a\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282094710337196.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\67d20e43856731bd628bd49effe80f87\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\26363451e59624eddcdaaf65e95e152a\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\838b9f62.jpg",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\36e9c577260e3f20cf9f8ef8a58e30aa\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\599f396a3cc79651ae6d57a6bb9cf389\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64EF7ADC69C54915A3C61B40892C1FA6.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\599f396a3cc79651ae6d57a6bb9cf389\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7509DBB508E04641B3E6BBE2B98DF16B.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\599f396a3cc79651ae6d57a6bb9cf389\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\599f396a3cc79651ae6d57a6bb9cf389\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77B3597106594808B25CE8516922395D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b35cf3226b983411e1f649220fc16c9\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\599f396a3cc79651ae6d57a6bb9cf389\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\eb695fb7.jpg",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282094410027791.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b35cf3226b983411e1f649220fc16c9\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b35cf3226b983411e1f649220fc16c9\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b35cf3226b983411e1f649220fc16c9\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7f262c334e7167afee4bc7c9c939eba1\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CE15F48905A419eB3712DE6DE847ECA.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282094109554413.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B34EC2F860B4670A93F9D65B1AB1CDB.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5D160B942E1746c6BDF2CADF395A0E14.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35038c27bd9a135975467800e5da26ef\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35038c27bd9a135975467800e5da26ef\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35038c27bd9a135975467800e5da26ef\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282093810128809.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FBF55EABB4554d8dAD23DBE54E2C9503.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D308319EB9E41b8BAD16FCAE9248430.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A11CB913BCA4c5eB0C19DC4AAF2A459.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8dcf82851b20c819c2216595561c225\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8dcf82851b20c819c2216595561c225\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282093509180606.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8dcf82851b20c819c2216595561c225\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95884B420273450d8B3A265BCBFDEB7E.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282093211326055.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A4B10ABE29046a09082888355F660B4.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5871E8040BC24bf39486B6B281A29118.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f2cfd6dfc3efc1b5192b75bb7975c4b9\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d32617639bd2f15386aff41391bf9287\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4d36469f773528ff1bc03ee79e6d6631\BlockMap.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT2499.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITFBD3.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F0F0DB1EE0C4d5f8E5B9B0B3A67B2E5.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8322744F1764465480F2A6F24BA6DAB2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F75D6ED94824b4cAFE113236699B82D.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDCC568FFC974690B860C6B341B3332A.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0ED6BA62725C435598DD441FBFCE22E2.ppd",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\f9890b83.jpg",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\2f60b3bd.jpg",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483735609.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483735608.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\ed44d9d2.png",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT27BE.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131282091741136218.txt.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\imprbeacons.dat.~tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2017-01-06T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0NL46TQ43STQYCWH6D3A.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K78CQNV3SPO0T27FVCLZ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2G582E4R8A6NXORR03LP.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RBRY7NTE6JEZQCV0I1V0.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NHYWXF4NP8HHOPWRM0OJ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2I2CX7XEN7JMUAE1CX6R.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\547LT0QSLH7Y9YQLG6FP.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F3SPQUGQBPTZ2Z0RZEHW.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\532F.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OK1NQSOEB6D37H4NDZVX.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IMT5XG76M75NJSD1TJAC.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\N1OOQT2QU10QFLW0VBZS.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CU4IDF1RCSGGAQIO1K6U.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5B8PJA80WKJIK7EBXGIL.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\E40D.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KCLBMAA9L214B8CLKJ1O.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OB8CPDTL5E2QA3UVNL5A.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F6CD.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RIBGSQHXCFGTN1M3RJZJ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6287.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XW8T62T17CAX5H3SFGOE.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\47I1G072B1TSVIO5RUNJ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SERXIO99K8GUNV8GLH7T.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CMH26NCKA71M933RI1OJ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GJXUBTHV6K8A8TVR5TK1.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YXDPEHRYKSBZI0BXUSY6.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7UOJWJAF9P7KWTM7UVCV.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QZZ0HM9W180SFAK7UM0Z.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O8YHCPRO3UEVD0GIL0FR.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\41W528FSZZ4C60LUHU45.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\2B36.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WXYNKW3FLD9LCMIZYU7R.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HQVGE4SAL4SEA34F1HCZ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I3PBYI002W9Z44GJ5Q84.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\71TCVDJQJG219GPA5OCF.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XUKIFAMWX4SLKICLT3GS.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OZWFWHYS3PBUXZ1C83EM.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M15FV4IY7D5U3ASNP33L.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5FGPKWGT63LZ32JMBBIE.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NXBMO0JDX0M32UFAP4D3.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SUA5L4IF8DP4YDOO5U73.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\973C.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I7V7XJ5F6B02M1E9T4CQ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YFB9GX3HOKSGKB6CQWAR.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5RRFC9R04IQB3OREONUT.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5CAWZO7OW5E5FBGU53NL.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9KPUPGBALNBG1L98EQ5B.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\H64SATARKLWOZ94EBCPU.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6JMHQVH7M6OQW3WLT9MY.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CX853AN96YD0VNL7WV0Q.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3KLIYWSLYXLG23XG5J9I.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VNGE3QZSWDKO0PYHV76T.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\351.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DISASUW4HUQQ0GJBGC32.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S8YH9LUGXTRB4B2OC1QR.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3S1Q78U0EOTYWRIK47PG.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R16EXTZ9LDQ52SMM5VF8.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YLHQ0KGPH051MEO0S7JG.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3F2XV5YVRGWH5TJM0NB6.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LW5XICTHIYIK0618GQH5.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\U87PE666XBPE12X54IXI.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NYW9YVZB5HRY7EKSS6D5.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L2RGPXXNB63526MLAY0F.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6F56.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4IGP8AGDOM390RYLOKNB.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HFVPBDPUQ6CNK7HF0VF3.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PDSW6G3ELND4B4X39Z1T.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0Q3BQCQ5JJGBAG3XJY37.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PV6B7PTO0IIHZU08TLQY.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CEVEXUL4NOUWP6V98KQJ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6UQRM2YLFRV552B3CMWZ.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZYDTZC70PSCI74BITU6M.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DFHOKZ0UJIV6QEI7LJ6Z.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EF56OW1UPYU1MIMHRD5Z.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\DB5C.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FE3BAFVX63I1T8KEOW0J.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DA2EPAEQIKQHM7YFZ80P.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T73PJEZO1EYQHYNCDZ4O.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FNR8IPFB82FFWYWL08S4.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT45F0.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZO2OWXZ8H53IB8B8VLUA.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BITB026.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7PUZDO7W2HRXSJ3I631F.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WOOD3A50X31K54X0VZ36.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITADA5.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KSBE6NQTAJYY1XDFAYW8.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\V6JG4WAQURC0GQJ30259.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\8260.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G96P4W6K9AFFQ4ECBHPB.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\4770.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NOPQ7VSDRSCVW03J983A.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SVJHKQVUGCM3BEL7CXHF.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7G1MX75ZTK77E3BY39F4.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M297IWTHADGG8SLTG08E.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb28d.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb28c.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_security_dll_x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb28b.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_security_dll_amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb28a.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_drawing_dll_x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb289.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_drawing_dll_amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb288.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb287.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb286.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_directoryservices_protocols_dll_x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.Protocols.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb285.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_directoryservices_protocols_dll_amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb284.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_directoryservices_dll_x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.DirectoryServices.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb283.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_directoryservices_dll_amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb282.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.dll.x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb281.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.ServiceModel.dll.amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb280.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.IdentityModel.dll.x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb27f.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.IdentityModel.dll.amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb27e.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb27d.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb27c.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb27b.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RXRP6XVD6O3UJDJRQSC0.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb277.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\warn.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\stop.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\SysReqNotMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\SysReqMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Setup.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Save.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate8.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate7.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate6.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate5.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate4.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate3.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate2.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Rotate1.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Graphics\Print.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\3082\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\3082\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\3082\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\3076\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\3076\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\3076\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\2070\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\2070\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\2070\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\2052\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\2052\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\2052\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1055\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1055\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1055\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1053\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1053\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1053\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1049\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1049\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1049\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1046\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1046\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1046\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1045\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1045\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1045\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1044\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1044\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1044\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1043\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1043\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1043\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1042\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1042\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1042\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1041\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1041\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1041\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1040\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1040\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1040\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1038\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1038\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1038\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1037\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1037\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1037\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1036\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1036\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1036\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1035\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1035\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1035\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1033\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1033\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1033\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1032\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1032\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1032\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1031\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1031\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1031\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1030\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1030\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1030\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1029\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1029\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1029\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1028\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1028\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1028\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1025\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1025\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\1025\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\SetupUtility.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\NDP40-KB2742595.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\ParameterInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\SplashScreen.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Strings.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\UiInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\header.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\watermark.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\sqmapi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\SetupUi.xsd",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\SetupUi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\SetupEngine.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\Setup.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe","C:\03e405351b37226347253dd6\DHtmlHeader.html",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb276.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\05JSMDFD16D8IINF8PY0.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb275.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_x86.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb274.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\wpfgfx_amd64.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb273.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb272.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb271.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Xaml_x86.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb270.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System_Xaml_amd64.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb26f.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb26e.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb26d.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb26c.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb26b.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb26a.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb269.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PenIMC_X86.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb268.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PenIMC_AMD64.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb264.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\warn.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\stop.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\SysReqNotMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\SysReqMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Setup.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Save.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate8.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate7.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate6.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate5.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate4.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate3.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate2.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Rotate1.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Graphics\Print.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\3082\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\3082\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\3082\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\3076\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\3076\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\3076\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\2070\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\2070\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\2070\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\2052\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\2052\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\2052\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1055\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1055\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1055\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1053\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1053\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1053\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1049\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1049\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1049\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1046\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1046\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1046\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1045\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1045\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1045\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1044\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1044\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1044\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1043\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1043\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1043\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1042\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1042\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1042\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1041\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1041\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1041\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1040\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1040\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1040\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1038\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1038\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1038\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1037\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1037\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1037\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1036\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1036\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1036\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1035\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1035\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1035\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1033\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1033\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1033\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1032\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1032\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1032\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1031\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1031\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1031\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1030\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1030\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1030\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1029\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1029\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1029\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1028\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1028\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1028\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1025\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1025\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\1025\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\SetupUtility.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\NDP40-KB2737019.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\ParameterInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\SplashScreen.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Strings.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\UiInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\header.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\watermark.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\sqmapi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\SetupUi.xsd",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\SetupUi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\SetupEngine.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\Setup.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2737019-x64.exe","C:\796af94689a5668a9fa9\DHtmlHeader.html",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CBCYYVMYXP5W6C3PJGQX.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E2JA24VM38LY7L4D0AD4.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb263.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb262.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb261.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb25d.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\warn.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\stop.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\SysReqNotMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\SysReqMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Setup.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Save.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate8.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate7.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate6.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate5.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate4.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate3.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate2.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Rotate1.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Graphics\Print.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\3082\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\3082\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\3082\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\3076\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\3076\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\3076\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\2070\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\2070\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\2070\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\2052\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\2052\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\2052\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1055\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1055\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1055\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1053\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1053\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1053\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1049\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1049\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1049\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1046\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1046\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1046\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1045\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1045\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1045\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1044\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1044\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1044\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1043\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1043\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1043\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1042\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1042\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1042\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1041\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1041\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1041\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1040\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1040\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1040\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1038\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1038\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1038\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1037\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1037\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1037\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1036\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1036\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1036\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1035\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1035\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1035\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1033\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1033\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1033\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1032\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1032\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1032\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1031\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1031\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1031\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1030\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1030\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1030\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1029\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1029\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1029\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1028\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1028\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1028\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1025\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1025\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\1025\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\SetupUtility.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\NDP40-KB2789642.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\ParameterInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\SplashScreen.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Strings.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\UiInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\header.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\watermark.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\sqmapi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\SetupUi.xsd",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\SetupUi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\SetupEngine.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\Setup.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2789642-x64.exe","C:\22ce6d277dae1c4906bf61\DHtmlHeader.html",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YF5TIA6RTL7QQUTFKBS2.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JWEC30PMWUFZNSS7LNJ0.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\B375.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb25c.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\D9XNBOBQQ6VEN4S6TTFB.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb25b.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb25a.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb259.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb258.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb257.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb256.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb255.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb254.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb253.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb252.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb251.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb250.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb24f.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_jscript_dll_x86",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.JScript.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb24e.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\microsoft_jscript_dll_amd64",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb24d.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb24c.rbf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb248.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\warn.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\stop.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\SysReqNotMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\SysReqMet.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Setup.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Save.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate8.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate7.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate6.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate5.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate4.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate3.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate2.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Rotate1.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Graphics\Print.ico",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\3082\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\3082\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\3082\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\3076\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\3076\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\3076\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\2070\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\2070\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\2070\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\2052\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\2052\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\2052\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1055\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1055\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1055\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1053\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1053\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1053\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1049\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1049\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1049\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1046\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1046\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1046\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1045\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1045\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1045\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1044\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1044\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1044\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1043\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1043\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1043\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1042\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1042\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1042\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1041\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1041\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1041\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1040\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1040\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1040\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1038\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1038\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1038\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1037\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1037\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1037\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1036\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1036\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1036\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1035\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1035\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1035\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1033\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1033\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1033\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1032\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1032\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1032\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1031\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1031\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1031\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1030\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1030\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1030\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1029\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1029\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1029\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1028\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1028\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1028\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1025\eula.rtf",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1025\LocalizedData.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\1025\SetupResources.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\SetupUtility.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\NDP40-KB2729449.msp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\ParameterInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\SplashScreen.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Strings.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\UiInfo.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\header.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\watermark.bmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\sqmapi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\SetupUi.xsd",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\SetupUi.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\SetupEngine.dll",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\Setup.exe",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2729449-x64.exe","C:\0939676c7cb1677868ff\DHtmlHeader.html",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JOLYBT3U5QRWTUT709XK.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7B32.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\78D0.tmp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8ALP0X102H0UQFWQT82S.temp",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2017-01-06T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4A00.tmp",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DBAC2E1084A42dfA6E288B2074A28FB.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3C168D56A724286926E34DC61628347.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 93393C3D28354006ABF4744B8C3F59EC.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C8D6ED99EA1473fA4C81C1C91F4E3CF.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45E515C4F8994c0fA3464D4936E4DF66.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 406C438BC9404038BA79847C02B465E2.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB13D8E052B84a02ABDF3AEABB2689D7.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55F775354C8349739E187784E8BCCFCA.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F44A9F1A553746a69BF8D2974CCC413A.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31452FB40D2544dbA0C9ACE0C40A0212.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36D61C3C1CCC404d90C4B684BA71EE3E.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F600FDD0A354ce1B9F1784ED592E7A5.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D04EC7EF91E4db5880B1BF1ADB81296.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FCDF2A346334355B8A9FECEEA10CBDB.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C044C25902194d1993DA5F8CE2DBA19C.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7402CFE3F1CC4dfcB2E958E9EC921240.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 520D6A82C0A2470cA948D3BA1B43B136.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C8B585BC9AB4790A9DA5E3E591D2234.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8C383393B33416bA91F958B940936F2.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A20C0C618FDC4795B705CC6BFE947463.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14C5A0AA9FA04b4b8FD5FF16C2E17573.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD972253D5274f5a927B8A85CD6AC14B.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C04C9F7B129D4520B260AB19C70D25B7.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECFFA8C78EEA4e73981205284E1837E0.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8A0F218CB254690843F8FC9EC3FE137.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1155BD60F21A4211B35BB7671DF21AD7.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C3758FB196A4419B4938919011B4E77.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0675025302FD412b8160C7195EA94497.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 759A9E4EF0444ae4A28C6F125D97C295.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5C83A3E2EF0408fAF5074FE6762C883.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06A67E11B6EF4cda963E68C1F6945C2F.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A95174919FAB48ab89746F307C01D591.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CF1687F947F49c6A741B7F3F831AE87.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131279680891087320.txt.~tmp",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C0805F9DEC434243B9120B5CFCD04FEC.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B7DAD4A6159431a9205D61A5624D48A.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D73893C9DF744d87AB9FC279336304B7.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E61BD93B7FAE42f49A436712AC199B2B.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FAC6D59EC02549898A262A68E5A8FF72.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8488C51ED8D741589E496A9443DA6223.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 800AD97818884843AB7A86CA49FC87FC.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AC25B5D7D0F4798BD5A77D9B0D4F092.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5243313EDE6C4988807FAC73A685E8DD.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA89371A9113460eB1F2E06396CD0C5F.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 130593D4108F43a991DBB446924D028F.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B5D4D50D2914eabAF4D0B46F4E4DC4A.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2C463E628014e00AABB5861E84F84DF.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5BBE021FBEC94904BB4E8BB4082F9860.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9E9162DC6004e24AC8790D377806F65.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3FF484862D4449a4BEE499A12C213E88.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 407D710329D346ef9DD89AF3EA4CED40.ppd",2
"2017-01-04T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C44EC46717549b3A967BE5B5B709B9D.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F0EA1EDD4374311AB8F51B01BDE02BC.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7352A51A2C0549e6BDA277BAA3F475E8.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CAB5D63885D0419888CAFC4E80D135C8.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131279598928428905.txt.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT6500.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6FD2402939CD4d908AC03983EA8269B4.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C698B0778D7846a88178C0EAEDF051A2.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 065C54E253A94f7cBC2F4BA902FF4C22.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D3829F71447471bB35F76B45BC2FBA9.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 868E23F930464562878CF30A716EE9B3.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DD9653149634fc8BF51A21EB4E3AB8B.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C12E795FB7047d48B87F6AE0F1E1EB4.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48582C21415B4d1cA418A440A97DCE59.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB70F0C00842402cBAD3AB3C8B7F8DA7.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7A238CC807542f580CAA1A1A7DF1BD2.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D03D87EF51114dab81934C87FFF204A4.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4E0000F97304bfaB8F2F0E0D82C8A40.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\6732baa.msi",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\6732ba6.msi",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\msiexec.exe","C:\Windows\Installer\6732ba5.msi",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB949C14168E4ee6A5E6DE16C0F7E490.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C92209434B3C4b9eAF2F821782C16F5B.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 223039B2E83F4142B7426A65CE943600.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 449B9AC5A2FC4e3e85F2157610EBEB7C.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBC6EDC4B5A24365A927959C5ECDCA5C.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3BEB46D957D54e78B235A0D3C988327D.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITC628.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C305FBBA0004783AB06FB59CE5BF0E7.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 15D5AA5FB43641ae8E40AD799A3910D5.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 271CB0FAAB4944538D8E33663F8D5051.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\14FUP2GUK135X83QRK5F.temp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D639B4379F94c9792B02940BD7B63EA.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7333D24FB1624e5dA3F6153485087548.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E38D5431E16445fbBC8DE60191BD808D.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AC00202A4E947948253F20056EEBD87.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E4800A74FE6436dA30A945314059D3E.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D747EDA20F84e1e833585FC4D16A85D.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2908BB9D557D4822BEE4ED322BC503F9.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF45B1BCBC3E4659B9E336BB72EFA637.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6DDD450AF2048bd8EC56ECA0316AC87.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20170103224942.cab",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 265826332263451e9029F13830A174AE.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ADC744BF786B4c3696054E9108A35476.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20161214234906.cab",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20161214232141.cab",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5484B0A1FC9488380A4BE5FBA370E25.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9129CDDF93A44a3B3AB2ED0DB001E02.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5AD38A3F00844c98AA6520779A52D5F7.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B105C14FECD341e2AD76C8BC3ECF0178.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 249954D8800F4782A5CAEFC89D5989BC.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0144E537C4A48a3B53EE29834647B2E.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 739248282B104c0982E2A8CB93ECB5E4.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C622B4D1DDD44884BE967A26FF5EE0B4.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E23464C785C54296B3500B1763F4CE90.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33490B82F1A1407fA5D852513B3500C9.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 30268166577B4c138E87A126BEC81864.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA43EF636B48474f8205FC7AFBA3C463.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8B5484CB92E24690B9FC0721B0993096.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2247CE7FE9E944ccB37DD84FEA12A91D.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6508BD1F11D54e40A50580E080AC1C70.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131279571611211213.txt.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F102F149E24A43c186D034C275462980.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3BAD9BE156814812B0EF8BE61874F1AC.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 766E3413E0224a43A2AFCBD8D71BAB78.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06AFFDCEF18E43a39DF996635B4C8EF0.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27B71CA55ED14a8186661BC2E1F2E273.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6687E875BCA84c9fBE8C320F2DCDEDB1.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 289B9E748A424fe5872FD5D115E11440.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DBCA7379E7DC4923B324ABBF4F86275D.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2C7FF374CDB4f02B1F566469B1C0A70.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE4E3FB2FE2040668F4646166E206398.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C528A49BD0F47a4AC7FFBD7A8320C25.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7D3F5BFF7E5457090FEC3F57F39D758.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02E112EA48F3419290E9D228ADCC65B0.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1FDC42D94C5442d49C9518AB92C6C400.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b8814810bbaeedcd77a0d6a67d4a73bb\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dfbbbd734178d14bbfe19580ef8e46e7\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA668646396B40bfAB1AFC32F9C1B8FF.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BIT9D7D.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\21c046eb6b6e890f3b96496aeb68c9a1\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dfbbbd734178d14bbfe19580ef8e46e7\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\599f396a3cc79651ae6d57a6bb9cf389\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB2147986255484fA2716A74756CA2EF.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e70cfbd4f989598eb7873559b5b0a9d1\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ACC605A9F60C4ce683C3CBB23394A1A7.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9b35cf3226b983411e1f649220fc16c9\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D9531C7048F440c5AEA27495E173B003.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1483483313.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7f262c334e7167afee4bc7c9c939eba1\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\848c4f651fbe6bf4f8165a3c4cdd70d6\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2e5e7fce6d50241fbc75bf2ab743a2ad\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8466d83df17ea3472e177a9eab954b35\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2e5e7fce6d50241fbc75bf2ab743a2ad\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f92f004228f425a5ff7f1c4389bbd2d7\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\790a0bd7194786b5d32b10204c75141c\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2CADC77A447438a8DDB750C874F1AA6.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C071EB831F26418b8CCBC299604B0D5A.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F1A489A6F424c519726F938F1135152.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\790a0bd7194786b5d32b10204c75141c\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2e5e7fce6d50241fbc75bf2ab743a2ad\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\35038c27bd9a135975467800e5da26ef\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 42B629A098A1466d8E6E707A1A6D808E.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DCF9100967D4d8e8C7E1EC54C351D2C.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 144321DB821545c8A8D3AC5ED77443EC.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5fe321bcd5bb37d83b0d268d0cc8a711\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8dcf82851b20c819c2216595561c225\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1483483208.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1483483208.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1483483204.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1483483204.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\936af71a576efbf13a51426b0a7c5f9a\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT1616.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BITF4E1.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1483483184.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5a2f0d996b0b1a7578e0f792cec71f54\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 168D440BB2C8427c963A29F762D72ABF.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITAF3C.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131279567733060149.txt.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 93C5FF0E8B7A45dfB261AF4CA27AB20F.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89462DF777D047218E8A0CBB12349438.ppd",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1483483175.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITAD75.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1483483163.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131263413753637149.txt.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT5096.tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1483483098.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131279566962117380.txt.~tmp",2
"2017-01-03T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BIT427B.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\2CFE.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LUQN2G7K1KZKKBPIE520.temp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F1B0.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb247.msp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb246.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_x86.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb245.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\WindowsBase_amd64.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb244.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_windows_forms_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb243.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_windows_forms_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb242.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb241.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb240.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.addin.dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb23f.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\system.addin.dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb23e.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sos_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb23d.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sos_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb23c.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_X86.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb23b.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationHostDLL_AMD64.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb23a.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_x86.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb239.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationFramework_amd64.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb238.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_x86.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb237.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\PresentationCore_amd64.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb236.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sortdefault_nlp_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\nlssorting_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb235.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\sortdefault_nlp_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\nlssorting_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb234.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normidna_nlp_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkd_nlp_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkc_nlp_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfd_nlp_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfc_nlp_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorlib_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb233.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normidna_nlp_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkd_nlp_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfkc_nlp_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfd_nlp_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\normnfc_nlp_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscorlib_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb232.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordbi_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb231.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordbi_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb230.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordacwks_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb22f.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\mscordacwks_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb22e.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clrjit_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb22d.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clrjit_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb22c.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clr_dll_x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb22b.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\clr_dll_amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb227.msp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\warn.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\stop.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\SysReqNotMet.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\SysReqMet.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Setup.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Save.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate8.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate7.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate6.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate5.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate4.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate3.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate2.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Rotate1.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Graphics\Print.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\3082\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\3082\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\3082\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\3076\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\3076\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\3076\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\2070\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\2070\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\2070\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\2052\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\2052\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\2052\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1055\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1055\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1055\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1053\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1053\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1053\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1049\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1049\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1049\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1046\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1046\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1046\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1045\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1045\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1045\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1044\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1044\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1044\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1043\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1043\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1043\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1042\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1042\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1042\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1041\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1041\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1041\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1040\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1040\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1040\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1038\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1038\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1038\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1037\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1037\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1037\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1036\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1036\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1036\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1035\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1035\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1035\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1033\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1033\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1033\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1032\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1032\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1032\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1031\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1031\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1031\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1030\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1030\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1030\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1029\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1029\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1029\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1028\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1028\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1028\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1025\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1025\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\1025\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\SetupUtility.exe",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\NDP40-KB2604121.msp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\ParameterInfo.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\SplashScreen.bmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Strings.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\UiInfo.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\header.bmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\watermark.bmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\sqmapi.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\SetupUi.xsd",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\SetupUi.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\SetupEngine.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\Setup.exe",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2604121-x64.exe","C:\b5f4ec6cd0a1886f43ef1a471afe\DHtmlHeader.html",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VR2U01WT0MPEBWC49TH9.temp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb226.msp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb225.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelReg.exe.x86",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Config.Msi\3cb224.rbf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\ServiceModelReg.exe.amd64",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\254A.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\msiexec.exe","C:\Windows\Installer\3cb220.msp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1OSGR2C00HFTIJBU7HQH.temp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\warn.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\stop.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\SysReqNotMet.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\SysReqMet.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Setup.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Save.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate8.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate7.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate6.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate5.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate4.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate3.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate2.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Rotate1.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Graphics\Print.ico",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\3082\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\3082\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\3082\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\3076\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\3076\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\3076\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\2070\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\2070\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\2070\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\2052\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\2052\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\2052\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1055\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1055\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1055\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1053\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1053\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1053\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1049\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1049\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1049\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1046\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1046\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1046\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1045\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1045\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1045\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1044\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1044\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1044\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1043\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1043\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1043\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1042\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1042\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1042\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1041\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1041\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1041\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1040\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1040\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1040\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1038\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1038\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1038\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1037\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1037\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1037\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1036\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1036\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1036\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1035\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1035\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1035\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1033\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1033\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1033\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1032\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1032\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1032\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1031\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1031\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1031\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1030\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1030\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1030\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1029\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1029\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1029\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1028\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1028\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1028\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1025\eula.rtf",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1025\LocalizedData.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\1025\SetupResources.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\SetupUtility.exe",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\NDP40-KB2656351.msp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\ParameterInfo.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\SplashScreen.bmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Strings.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\UiInfo.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\header.bmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\watermark.bmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\sqmapi.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\SetupUi.xsd",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\SetupUi.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\SetupEngine.dll",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\Setup.exe",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe","C:\4942e283b4d81291aa6c\DHtmlHeader.html",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5875.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4C15.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3B33.tmp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RMC5QPF6RLHPRAY5RW0R.temp",2
"2016-12-25T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6PCYCLV3TTDCOHP3F8S7.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E80OSRED8XB2WX29J9KU.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8UBSCJM2BG13HMHPCXCS.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QMP893WJXUUN20MY2VZY.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9P7X9BUT8WPRAJUT3TKZ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\92F877WEUCN0GJI07IVQ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2V31BT5AS8AA53AKQ7MQ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4XJG8AC1V0524GNL2IJB.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\8B97.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8VRTA2NSFFEOAEKSX9JQ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1RZD9SUQCI490G3U8GBM.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0TGU1419FL930IZC4DXK.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R7U9AXHRYEF200RBE3GQ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JBEFOOK60M42HUMA5VAQ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3E66.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S1KXIQFZE0U7LXBSEKW8.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\51368TO2RMP48LZRESNR.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5422.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YQRRH7RHDAB6FW9AIT2E.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VNQR3JKL029685I2VT9L.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\69PZP9Q7Y8HO4Z521UW3.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\F79A.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITAD17.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT9FFC.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OX797GXBQ4UWN43EYP8Y.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT68E5.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9KS9IZPMWOQU29SM14FP.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CBD4.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E59NWXX2L3L2P087MBEM.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\5CF9.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WEI5MBXXBGNDM8IMMJ3M.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F2WXOSN8K7VET3KJ4N3D.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\AD83.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UX1NEEY4UH0THWV841UB.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\User\AppData\Local\Temp\vmware-User\VMwareDnD\a94cfed1\12232016_174328\.DS_Store",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\User\AppData\Local\Temp\vmware-User\VMwareDnD\a94cfed1\12232016_174328\1179_3469_20161223173148.0.Dicom",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\User\AppData\Local\Temp\vmware-User\VMwareDnD\a94cfed1\12232016_174328\1179_3464_20161223170739.0.Dicom",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\User\AppData\Local\Temp\vmware-User\VMwareDnD\a94cfed1\12232016_174328\1179_3465_20161223171117.0.Dicom",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\User\AppData\Local\Temp\vmware-User\VMwareDnD\a94cfed1\12232016_174328\1179_3466_20161223171449.0.Dicom",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\User\AppData\Local\Temp\vmware-User\VMwareDnD\a94cfed1\12232016_174328\1179_3467_20161223172104.0.Dicom",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\983.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\EE06.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z036RVBI04TXATUJXS2D.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_2956_30348\BITA8FF.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\windowlevels.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\print.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\overlay_st.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\overlay.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\exportVideo.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\exportImage.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\exportDicom.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\application.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\annotation.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\settings\animations.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\msvcr120.dll",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\msvcp120.dll",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\mfc120u.dll",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\mDicom.exe",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B854.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Program Files\MicroDicom\mDicom.chm",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Users\User\AppData\Local\Temp\nsj97BE.tmp\modern-wizard.bmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Users\User\AppData\Local\Temp\nsj97BE.tmp\modern-wizard.bmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Users\User\Downloads\MicroDicom-0.9.1-x64.exe","C:\Users\User\AppData\Local\Temp\nsj97BE.tmp\splash.bmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\974A.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\946B.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\9055.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\85D9.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\7A53.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\chrome_BITS_2956_31566\BIT47DB.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QGII8T4G5SSM8N1WHHGG.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6D27.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\4FB7.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3B4C.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F2OBIR3Q2X416IYH1IPO.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\C37A.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\B97B.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NNK2ULFDRG472ALWHN2E.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\639A.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\480E.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\1AE5.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YZ1U3X2W9S5QPFPI2MFG.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\E2D2.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A841.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A785.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A591.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SW82OULLDWCYGNM3NTQ8.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6783.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\56CC.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\517E.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\6a51f5e9-130c-43d0-bbf9-c5cbebf33a79\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CVPK8922MW0Y1WD8EBRC.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y5HFXVB9K3IARE3I8DTX.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\891A.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\6600.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ON9HDOLIBXDWYW8P0XAD.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ISWTZ1A76MCMT2SAL0Q4.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d89415d7d87798aa893bc96de23881ce\BITC498.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\de8edad1625790bd21e68d38efd5f55c\BITC487.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ad0e0ac78c2cf90ab5dc3fbe62518e0f\BITC467.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ENOW6TAPHRCB3X14SOF2.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\3C2B.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\79ffdb09e2b5c3599d50504489a831e8\BITC456.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7297f27005a2df10e582004e8bcbe709\BITC436.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6ecc98a9399518449bc3a5662c3e74c5\BITC35B.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\373d69fea900c94e18c8084c9529174e\BITC222.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2642b15d83a7da771704427a892f09d7\BITC201.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F201.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OMH9DTH114GP2RVQ606F.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\BA0C.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\428baff648777a7f60a1adb636c43df7\BITC1F1.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d3436b3e45f58171dd5b9e34fbcbf747\BITC1C1.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\6C59.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CDIQXQIHE7XY8416LSXQ.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\4DDE.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\243615b1b3ec4d12e1d6e9d7e14ed055\BITC1A1.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\72239044c88b155c9f257adf07506a0a\BITC181.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\222B.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe","C:\Windows\Temp\c2380986-bfdb-4939-add5-a9b745da3ec6\mpasdlta.vdm",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe","C:\Windows\Temp\c2380986-bfdb-4939-add5-a9b745da3ec6\MPSigStub.exe",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8b1f9a2662c71bd5d1d22d8f7ef110a4\BITC057.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\A28.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fe5f450f2abca720e399a3a584832480\BITBFBA.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\67F.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\F752.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5YUCQB16GDV9KE3XGWJI.temp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CFE0.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CFE1.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CFC0.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\CFBF.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\CF80.tmp",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Program Files (x86)\Google\Chrome\Application\chrome.exe","C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2016-12-24T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2714_1704_notdimmed.tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FDCE9434902F4901BB131AED808290BE.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76AEB9AC9BF146db90B0DA768C0DF29E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4379A769DBB5420bB1FB4040B111D51A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AFCE6DACCE34f55A95991F8C639B0EB.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85DBC96A35754d1b91950BA3C7C1D19A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC3E84BCA0E24268A1D380094684455B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FAEBFD6ACB2543628EEAFD6D0902BE70.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F55A0736BA547cf85837117E9D64636.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6FB5FC36588449daA584D5BBE22E3AAE.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9F2AF1E598D44cdA0E237D69B37F2F4.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCAE658B957D4b15BE1DA9A549CDB8BA.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 151DB4BF9FBF4eafB871B39FE0619F53.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED44BC5235904f14911A11B06C4F7F3A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD8840578369462097C927C350DC1027.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3BC4477062F64916B3F6B4266600B1EB.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 902D6CA7C4554c46914F092692E36E48.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A35897802CDC43f4A39AECCEC0C6B3FC.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DD73978973F425dB282A383ACC18D2E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34236EFE48544a698BA6D944D2FD1607.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E952252EA54D4a74BDED38143452D05C.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E4810533CEA465eAE6B2652F655C3A6.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57F6D0C28DD343a1AE35E064B1C1DDE0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DBC88207DAA4ec7823F9CD2E39D895C.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87479577E7AE4246A4046077F88EFC11.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BEA1508EA323496c86EBB3407E98AB7D.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD3997CB6ADD410480247DFE1BB4B7B0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78F647A0682148548F0E4B55AA02DAED.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 707E0039134D49eeB48866E5A91AF6F4.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E633FF184AE4aa98D65E2A543762D11.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEAB577E092F4e3a9324B0F00C5CEEE0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DF8CE8E04C94c04AA26CB44DB3E63B4.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6BFB1F2FE85249d79468F54FCF5C33D5.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55941FCA053241d1879EE1B6358D3903.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6FEFA320734744169A6503D1C7B93A60.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7142D85AA8BF4a3c900E301760B84673.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D90157C2AFDA4abd837BA2BC90BA37BB.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F341D35ECF6749b08208A1D92F208AF8.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDC96173C71D47fb9C99CF5E4BA8352A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B1052A6169EC48c385E73B227314FFC6.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07CB6F2FCF734b7186679C25D009FAF6.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB4DC67422CA411dBB2284D5C4DCAAB5.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0EBBDDC48174a16B8AFB5520ACF7DB1.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F18BDD4B86643d59321EDC541899C01.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B1475634AE5C45dd9EF3A7A0420D5D26.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D9C16F1EBE51476385B0285B3301FDD9.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 256164C76E1145c69BCACC9C2DABB2AF.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF03347EB9904c8dAE81705937493DB0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A7B491165174884A022CBF76D6C2B6E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 024B4FF49B6440fa969325FE3A28958A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 03F9F3AB28C245c2849F9528EC499996.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 733EFEE0F721433cB34C59843F45920B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EEE174E6AFCF4f01A382D1774BF9DF0A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 020CA07D699746bcA698700BC47D5A02.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5763E97B852F4b23851F668C021AFC3E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A41490FE56144b21AEB5325760BB5E0B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 413BA4B475714762AF1A0D548EE596C3.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74F9E512F59844e38528A749FA659BB9.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 199B9CCF194F4a788AF4064B7B0F46FE.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1298021A780840589227655BC061F2D5.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DBA10FC69CBF4c59953E26A461792B90.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B6830E09C5946deA5FA6233FD18B2FB.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3415478FD14D4af1B234AB71ED07E215.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F39802F28C504722B78B6283F3C30D03.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 520776CA7AF24a9891F17291F2ACB634.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CC155F4EACA48efB353666A0DE8CBAB.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 806606D4C35E4ce69D6EFCEBF601067A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 805E597591664772860176EC9F0A4C1D.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 589BBEBCCB77440cAAF3837E90488925.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 938A1D674E2A4fb39D2B73D2CDE13A7B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5457579C1524f11A81A24AD91B1AE1B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A4D4F5209BA4e70A7910708331B8E53.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 94AB2C8836DA415682F5C7F636B40638.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A76275285DD4cafB6C9AD3E399B9251.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10AA91EE7F914b2bB1280C146C9F9402.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E959739D86E455d9E1CD2B4E56194AE.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E12696E9CB3D414bBF9C16434CC84DEB.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0FB6AF6D637644319F7318DAD449E8C8.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7AA2DA6E9E24d2a8443B93961943E29.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 222702F4C30F4b98AD72822A879BD40B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAED00048F244c4385738CD0E9AFF275.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC81CB3FBBA74cb2973897409825BAF3.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 558573EC600C417d846A58FCAA916E29.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3840A77854FB4a87AE60F62859F0021F.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8341B79FB37349a6913A317A1773D381.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38788C2A4D7743b4910CB2C17EEE8FBD.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A78B641E92C464eBDC85DEE9AE1DE4A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41CDED766980432bA50BD01E36A72DD6.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4640976BC1B4162BE407020607F45A0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E35BD7D8F204f4eB85C6888D135C49D.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BCEEC9F396D43db9FFB18E0810375FD.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96F0578452D44bac9DA75698D759B990.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4CDF9B0BDECE4c619E0B6FAF7BA7AAC8.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 052BC631A7FC4ce4A80E70CA314FC9BC.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 743731F45EBB4bcc8A330CE50FB9D1D8.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E6107247BD24a3aAC165381136F196B.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 664FB3A576A741a88C03128823F25765.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DCDAFA7C0EEC43b5AE8E167CCFA972AF.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41726D434D144f56A1D52E9ECB5AF275.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33F3D102439D40e59537EAAD8667CC8A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 210BDFB5BF434f1c8B2817297B487E68.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 921CE33258234ea4B5C5C76E91796D1D.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEB55FD4B5A548fcBB88AE502801D9D4.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 809F86E3DF014e83BAFB9BC244EA9914.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\91ef23af.png",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\8a3ea578.jpg",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C79F3A69D65D453d899577EF3941AD60.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 488349B09B884b26BD9A098F5FBECADA.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B3343432206490a905EABC85E49907F.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C56C7FCAC30425a8F5BB04E2280D9E4.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F765474C1BAC4d51BE53AFDFBE6E16BA.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9202544AD6F4b61BDDE004B0815629E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7872E5A1781F45358B2BE0E4BDF0D0A0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 038B2D4E5FEF4065A4D649AB5FA458FA.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E3A0815E6BA4173907FBE7B439DB44F.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CF85121E8B34173A00647E10B7976F4.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E9DE5DA6CC064718B77C464126301A05.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38778756231646bf8A457EA128CDF85A.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4274CADAD364a5bB0F63CF4F44CE3B7.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22142CE4DDEF4159B13CAE7096999437.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 20028D24E1EF4e7d8BA8F6873465B22D.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FDC22102F314ef09C7611339202F439.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0332B7872A5946f99E15D62ABD2BB908.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B4C5F21ABEE497cBB43F4B5E6217058.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73940B14C1EC4ca0A47C9CCB321820E6.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D8511594293C4bcf80A0AF603F0AEC7E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78228E74CE1F4042846622BEDEF03EBF.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91D3E4669F1645c6B62AD771DA292D01.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A47AA3CE2852487fAF71357F039B0258.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD6682D673E44d5481522BBF43457FC0.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 537CCE3A4FD8418e9E71F05B1EA69760.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77DD399F34E840ac90514960EE771D48.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43E9A26949474e799784E8E8B653803E.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\5e72fbfb.jpg",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFDA756A2AE6405aADDBE92E61519CAF.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 619553DDC8154db29D3358345244F7CD.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 824D18AEDC5940ea9FBE95D758FF4C25.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E9C960ACF154a43B1D705C0A501CE49.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C45241AE241A4a2d89116BFE1D50EE19.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F25301AAA7844bd5B9AB8076F60920D6.ppd",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT3B84.tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT31EE.tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITF31D.tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1482249992.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1482249991.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1482249990.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1482249989.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1482249987.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1482249987.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131267235856364587.txt.~tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITF476.tmp",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-20T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFBB2D04F58D40c6A124C6A0C98006A1.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE7F16FF5EDA470fA741D1A932422EC0.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CAA26FEE93C44b79AF512D662C2FFB5.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E5C7E91FF984cf7918EAB44012E214E.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95FFE1AFDA974347AED6DCD253490CD3.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41FA6D2E50C84b108E0DE42B28F83F3F.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C0F74AC40CC84f8a9B4FDB700EA974C1.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60D712063FF54d7487AA4F37870F09D2.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 795DBA1791354057A9FF00A22098DD55.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B22CC0FBCBA42d9A6D94D8A807E9F27.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4758430B92694316BA2C71C6868759BE.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F6BD447CF854f5682BAA01002064544.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2957F22ABFD14bf7BC838B0878587BFD.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CF0260D9DF04081AEB4710C16B79559.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0939DAC676C41d4BA9B87D518F4EA3A.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A219100ABB4416fA7135B1D3A8E0D0B.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6EBEA932A4DC4953B0E0B2A7B24DD362.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DBB422963B24c61B3676379BD87C0A3.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07A958070F754e5298F800478B9092F1.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 109F9C520A814fa198647300564EFDE4.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A188701DFD348699805D4D4C30C7D3D.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C96B6418748C4c0197280DB0E1183B1A.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE968CA550FF4431949BC446F79C7201.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDC4709DF57B417d81613A04CB5BA625.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54CD48BDC2214e4fBF17B36844487EB7.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF9E14D0F5414f72AED6684AE4BA578D.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6C80AD9C2064d77911E8CBE6CE81F48.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7601F93D1F29433f8126A376189A0396.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\c8dcf82851b20c819c2216595561c225\BlockMap.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2e5e7fce6d50241fbc75bf2ab743a2ad\BlockMap.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9257CC9DEF0744adB403D451B91E4129.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A20709BB09E4013B66C22367D705766.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT176E.tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D0C87DF240649d1AA3027F209A9C15D.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CD68FADA85B428f994DDD28BB358800.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05E791974EB2419f80CC6F0131AD0E06.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB591224A8CF47f48F4DD39ED5A53D17.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5320238A295B4112BEA44265299C021F.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57E3000443C94280A5F9397983527843.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A9C76EAA4E974a4dBE6176481272473B.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITE55A.tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F53E9DB93584384AB737BA183645366.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F26528226304316AC73F048059743B9.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1482040995.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1482040994.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1482040993.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1482040993.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1482040992.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 278DDE1E0E8A49c88AE1105BC1FB9C7C.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1482040987.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1482040986.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1482040986.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 068E0E356B9148fcAE5EE53F95664583.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1482040985.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1482040984.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2ED4D21218D841ea9D59AC369275C8C7.ppd",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1482040983.~tmp",2
"2016-12-18T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131265145818332306.txt.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 224BDE60F90C4fa2872A769F6A2E14A8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64E6C8CB313D49aeBA2EBF0177577A2A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF54918802DA419491AA8788830E8E12.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A1405A18CA7245d5A90C95C2A340242C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D02D72BD8F64ef2860FF14E8454C576.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 82ED4A4C4E884a8b9C7DB41103477D72.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60EDEDECF26D41afAC3BDC5E98608E2C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78917EAFC54F4440A1E315EDEAC5C976.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9805D95488D405bACE104A6CAB7EAA7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60BAA2C61AFF4963AAE856D7FD6DDB74.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 256EB7B97EC340a3BD4B216D0D8D6D54.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB589C600426495bB902040CFACBC47C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C956823B9114cab9CFDC37FD8822D56.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITFE47.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B78972F93D57439bB3A0F5F3AC44720C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC045C281DC1491a9AA8BA060F4C772E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B693B6247E54b71A0DB0EE30BA0DBB4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E60901CEC6EF4d64A38F24F9D20CE065.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B3174B003D8E4a66BD0240AD59D8677B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D938E46037548e8B6B5EF4180C45111.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 20A586D436AA42f58E789CEC4597B56F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4FC0DD776F0A4ce493DCE313AD090E62.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65C947366F68475289DEEEDA2002438B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE757AF38D36453bAA1C63424D5D6FD3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FCB700AD1E2F42f3954ED767EF9E54EA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8212CF78538E4d7f87CBA4322EEE21C0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 504E33793CE546d895847A5BAD8D1E7B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC7918FB0C79457d95136E67DA9F85DE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A56C337AD99B43bf9A202C353987E73A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0A37A4E64D84650A4E999D5625CC05B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECC3A372981444968F5F68C5EB04C087.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5ECC838DC824ee7B87556F97AC2EE63.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CBDBD7FDE0E4574B54B4E992547F0CC.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DD5903C7B50949a9BF038BEFEDB3CA88.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A06AE74326F43ed86C85C9895C689F3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E04A87D92A94abf8A2E84981A9C9BE0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E36F966F40CE456c8E72A37B63F899DB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0E47B48ED0B4eeb87AC49E90527880A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9509A4EF6B7F40478A8448F19A6D10C6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25608FE65FBA44ff8B64B117C1DD1BB4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 09EC71D3C1644e0d95734EE5AC7D4212.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFDB56495CFC48d694F0CFDFE93899A5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78CD8525A326459c8A98498BD589A470.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67F055FF7FF3479cBB2025C6FDF8A0F7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C887C9D5BAE0424dBC200C88B463F3B6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4D972D79659482aBD712E70B8814A28.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C4ECA2467BA0443787148B919BBB37D5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D2CFFC083FB45ccB17DCB26B00A9E64.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5BD1B11FDB74bfbA58DF8B4442D4D24.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 029720499CBB4c188FDFAFCDBBD34117.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E9274270465F4cfdBD30CD55F2139295.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 20FE3F8048934d409570BD664FF8B3B1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89E248E1772349d8BA4B35F5A53A3539.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4054F45DDA91491a87309EAFA514FA6D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C52194935BB4ab6BADB20867A3192DE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C522707040D5403c8A123604CFBE4449.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84416FDC94B54cbc84BB0A41D890B352.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA628DE80F884f69987039A44F0CB651.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B809501C697B4e9cB4EEA34F91F27B99.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11C294AC6F434924ADAAB6B908FA94C9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCA7296A40164cafB215ACFE25E46EC0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D158B57D08D41d4ABF43E4EF2350616.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 51889E20663643b3A47CE723367608BA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED51AA6A3A774bb19CE818B83E64E781.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B9793A8AA0F468394EA9C33654A5E15.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8016EA75413B478aAFF27C124F5F9503.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1BFF3D07F766451dAA9075FEF926D6C1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D713A9E036134f1dAE3FB7B30137BA10.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CDB398164CA468288AA801A0C747046.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 753800CB03914e2fB57FAF2346960759.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35F3DF948E404c078A2CE62287212F2D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF7C6E135DDA4b78A4086DFCD6EBE5E8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E01EA296677F4ec8A7276757FC15D0E1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BCA5E7DE3F24f55B57FD4199BA5501A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84823057ABEF4f2eA413EA48F768B426.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5B2B77A6521546ed929E9E32E6064669.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71A662861C244d66B59C2439181F4299.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 720C482D79024a70B7B823802A63C019.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FECC200AE6A24a218AB14578866BEB0B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6288EB37D107469fAD0484E217CD917E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7312C8778BA14684B027D113D3389AF5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91074189304E4db69E7BC6F20234258D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2A693AF7F9749fdB33502F63883C49F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D13A4B07696E4a5d93F93478C18BCF4C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27B8F694EFCF4375B8D92C0C17045B5C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39525096F9324d15BBF5D2002ABA6816.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 936E58977B834538AA5311248B3A628E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 80817B710F2F4ea68B2D3EBE1FA32ACF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52CEDAE7721D4da6A1036D38A2CCD429.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D944E2EFEFB44b1cBB443ED4CAAF30B7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A0DE361FB984af39E11272203041E31.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B1398ABE96640e7BF9C1EF309FA65E8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9550267908FE4a8498ECC5EC73A0E917.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B573B9331DB84204A9FBA737E91C6283.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12521DE5D5244f4a8442F03806708F9A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E333E1E7DBF4d89ABB7B0E32F02F733.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B9673D32BDB41d5B69EB912FC7AF2F3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 969F59BB66F647beA40BFCA5A9FE4E36.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FFC8D9366684f66A090488EE14E4C28.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8C45D11EF354cddA81D7CC7929317C3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EFC9415A39C9468c9B02C40FEA56C474.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3E89C92FB21469d966AB0B8C504A4AE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85BFD9835E5E46cc9BEB1EF89BF937AB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD9B407387DA4428A91CFCDF4F16B66E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 937EBF0B7CAB429eAAAA23ECB6F74BDA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 238093FB260B42409057BA36F8C1363A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 40DE1B14ACE6474b864910E5C0E2051A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A954E6C5B62A4c298012BAA25791D28D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92AD712A7D97484192674EB145BC8381.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04D7013691FC455fAAD53B711E1051C1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D3357B27B20E4638B5BE105A748CCD69.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EFF0E9EF6270477097E8468B0EA17F54.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1401CCD2B74B4e1eB717628E81F27480.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C615C64CE574e9a864C172B9130C3B1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FA3B8A253894ed38638DD0A85C17ECB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 785715996B4F499492965159CB9D3B2D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 17979F743A0B46d987631BA16481ACF3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 313568E87988489aBB0F213A2AE3BBBA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5614A58BBFF42c5958FABE90F10BE51.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0FA629E5C5604c01ADF2463F357AE191.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 83EA2E73FB1C4bca8DC0E6CAEA771681.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D43E4C9682384409BC3AA0FAA3668D89.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18E8B1B806884ab49C7B38B94D540408.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E76DD49680C3437580C31173EF3A21D0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2AD44CB272CE4b7bA9A542132B6D58A0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CF262C6918441c18F066F586B006357.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7275E14E8F994033BE744DC656547F86.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04117FBABC764422A812CC2A5E99BE76.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E112EFB53B44189A32CA8DAC78790E7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 19A3147D9E414f199F0E326657581EED.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CEFCB49298D4a3cACF279216EEED726.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4872E8784EB14c12B8891A54D605EB67.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0CC22143D274972B6177B474593D0BA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A927E6E535141a3BF11A8B10C25C747.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A42D9D625901464d99B4B9CD3AB6E35A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF92931C651E4af99C25520CED939F39.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07818B9F4FE84cf8B6E717D35025C4D6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18F2516D407D418bB1F2A0406DF97CF8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 82B6B91CA8974441ADE495EE4E651DC6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131263804848764819.txt.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 687E7B04723744c39CC8FE4322075DF9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 728ADFB0192E4e0d9A3F811FE81085B5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A71814BB110E40e1A6A1B9860BAB0237.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25907C712BA0429b8A40F1435024DC06.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DFA2F68458143c386E8A838C5DCB95F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 907A903713A44384B43D8289FE7D8B53.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F6FBB616F7F48eeBA1DE0B3A7B4090D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8077086841B04421AF372E5F0368D656.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 944877F0438D4f4e9E01ECCF52E3D30D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 443B98EF616F4803AA81E08E183BDD97.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 411C52ABC9EC47dc870000CBAE1F0855.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D960FC190B6438d8473991EB1D27D4F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87AFE0BC6AD94e63ABD878E31ABAAA33.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF3B169FA27649a8A64EAD8052B012F0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E520AFF9DA7C4864B55DEAEFF104FAD0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B004B6309D28422393EDF0A67587DAF3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71367DBC840B44cc87AC4104083D41DC.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED2A0EC5078141d2A2B81E951E1AB8A9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1EC1AFDCACAF4522AECB738F6751604D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D26A079697054958B5BD20920D024DB1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C413497D081E4b8dB5750B8085C68775.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 40EBFCB2E0FC459e9AC75E6DB0D02F3C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 81AEB7C004AC454d9BB5939F2803D9A1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FDB94CFD51D24d6380F8083A8FE231E3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99CCC7C085EE407eBF57C78305DDBDC5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1ED19FFF6F3645f6BC80035D3F96CC3B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1FAD6CC856DA4005B29B76442472FED9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 882C738442F14a138895A74C7EAF5551.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9ECFE005F2CC47cdB4F036DA32FAE92F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 56E8E06E1BA648ca9EB5864820C66453.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE28014AEF2C4364BDCB2EB92D3901A1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A1D00364C67448d8F5E0A2717EB8648.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6162AFF7DDEC4f6092D0F1A1367F6B25.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6502F4A64D98441dB4212C34C6AA0CAD.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4BACCBB0557435eBC84A998E7EB3CB1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C7CA3318C9824346A8FCACFD302CB0E4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16BB1AE5B4E14943BD4EEB9020451D05.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DFD8A6F12BA44fd814856F329E51A9F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B475899BCA82499894A63C060E8CD8CA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B09B004A5DB64226A5FB35AE88384CCA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C59F13054F34a0cBBD5B05A6AB558F7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E4FD066BC9B47108E81FF24689937C6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90BD2F6FB1954c0c8397E800B8932062.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB9085EF74924f57B206609CBBEBEE47.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 245611B07BBF4ca08AEB2B640EF72B72.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71738C07014B46a5BBA6469892D0F913.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96D221EEE3A04ab0877FC05ED22A37C5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E177C7A43ECE4499A041E66B2C388B4E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B38DD7D7A12B4ebfB90CBE4AA952B3AB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FA575FBD7C54c7f95CCC72E805458B8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F3B50645BD743c3A48677DEEFD4D5F6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35B90028C5D84dbcA26136109690EC4E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4DCC8E6267A4572AE5BA453FA8E4075.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A9ACD6D41E9D421eA7DA8CA89306890A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9141BBA361FA4d39AEABE36C704A23E0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C65021E4EDE4e7594145BCE0F38F17D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4BE4003A598462cACD3BCCC065A1816.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B498C6CC5435455fBFEFCDC31D7A268D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C3F0382045144ffA91E58863FA61BA8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C749BD41CC94574843D74B958D4355B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C78C00ADD1A34629BBF72AE961B28B3A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 726ABC5B5BAA48f7A6BF5CB7FD94EF15.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F09ABE0342BA4b5d8972955F7C21C231.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9338FC6A68C64c588E621C39299BA1AB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E8D92B3F3064eeeA2F3DD54DA0F76C4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC974221B668425790350CEE42883B5D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2F84D83632A495eB0BE82EBC6CAA7F1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CCF0E5ABB144772B18D6F647EBD12AA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04FEBC78620D45deAF2619A2A181F8ED.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 63CD27EB5B2D4048A264BD7B1FBE2184.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E52B010DDFA045fcB7BF81C2175036F7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C02817A99C5B43d5BA38DB200B9378B8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C444BD3AD70641568FED810BAC5D4599.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73A67049D5814354B31B305EA25059E8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E132D051FDCA4cd09C8357D671DC581F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E770E62B7A754fe69098142526E6A3AE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6525430D1664cfa96A992286D1BD063.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16062C28094C41ec88D1DCE9309A8570.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D904CE1A91C43688FBFCCC766707848.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3FB8AF4D51E407dB0F310998466DC3F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC11BCE1385D4051A74C94C143ED22E3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA63E87EC3FE4c99B4F0ED5393A41C03.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6BCF241323504d6a96165B5D53B338F4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7047565E81A40f3A2CE8E94E852B389.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45FFEFA87B3048fdAE5B30FDF4FDE2D8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6D8B719C27C4b1a98B2C6C78740D808.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD889296E8DB441e9085664B713F60D4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5468F32E3A0046948B16129FB6DC5B83.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F120D2A52F654e34B60B246B62F5025F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C944041F1D6B42af889615E067CADAB2.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 115769708FB545349BD87798DD173E39.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 128DE034C4A0474aAEC373E58EC79560.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 115E14A6C0104debAACDC40E86C15BB2.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA8EA83708EA4a888EFF89AAEEECBD5D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A743D93096A74b9b8E71BCA86144F4BF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B6A3E852D2A473aAE22B2D4C3F8B5A5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90558CB0D0F141deA64C464D33E1A24E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0F1CC0EB5424a0dB3D6779798E244AF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04A1CDEC63E545b8975DE0DA7CC21343.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE2C1AAD58694f828F556546C4424AA0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C86D777288114ba796B601AA7EB92A3B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4273BFE9818C404aB589A2B486D1B429.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0941F659DFBD4005BC0B6AAC10E669DE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 054887D27C4E49a6B7CED09993E99067.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1570F27754F24519AC9C7E69D7BD9E54.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57CEB0D27E984602ADF52F186028C719.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D30091CF3C304c969D5DB2C6B56C8860.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7440844F53BB4cb3A11A8295D9A20C97.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC7953558B4545e89AD1D01938DB8B58.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6D9B8C9D6EB54a89BD2C7820F77BBBCA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ACCC11A148814fcdBCB53CB3BF252195.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD44D4DF27774f04B0BDE0D2B539B058.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F296ABCBA91848e2BF570477E480C705.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E925ECA086E4f1fA34FB0927E061C9C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 384B94675F70448fBF3D8B67A24EA2FB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E14D17B0B1D4044B91BB94974BCA066.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A0B52E8549A419dBEA1B0C26F91835E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E90C588F298414dB74D671380EA3FA0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 63A5164699B14214AFEB37357DE226BF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB4B01C4039847ab901E91DDED5A43D6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50E8F02D0B0241758DA84D89B7EE33AB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B998231DFDBD438bB3D4FF8617BABA9B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 953FC93F70AD455bBE5B69A1DC52AAAE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA6A1F03FBA44583B13863D94CC412FB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5B61542A68D4884AE7D80BF02BEA682.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5555D7F542394222A0C4B4954EEC2860.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCC1B3A09C234aed9CDEC13E1DE574DF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F011548280C4fc78BC3027782641432.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3E46E2978D0422f8B7BB387D7F8A405.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A37CC3552BAC41c480B49368AFE97BF7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47DABE4C91FD4633B885B4E9CE1E23AD.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F73742A68B5841bc8CEF47570D6C02D9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A9F05BDB10440c58A2AF6FD4CE5995D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB5C3D53CD9846f084F697EEEEB8FEE4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C28B4741D6CC4cd69128C4B8BA760C46.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 93CBA056FBFF468aBA5A6D82F7B8B77C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D9B41D186F9346aaA5EF636BD773DA8F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24FC2DAE538241a9AECFD54C428EDA5B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D7823443FF2342a0BC8AC4160162BA6F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B44302C4E43C4ebc8603F69D3452EE1F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05FB68F55A244812BDFF389DA6FC069B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8B8B75336DC84d909A96086B16BE0E6A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88B8361464114675AAA4472D9CCE92F2.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E97157BA0AB24739BD332239327D25F9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB43EAFB94814d9e910BD6ABA74FECCD.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E53AE17FDBC546bd8F594C0693BD7889.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D434ED42F8D46428F16CD8138B8EC1A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 20B2DC2112CD4200B50E62625C41A62F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC0F50D7D9B14fe0A7B2D7EBACBFC0F1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B8F8587E1E64ef7A49129AA96E7AFFF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCDDDAD45FB14d73A4176D8382C2ACEF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E1CA34DB42844baa9918362BF98F052B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1889C71B8F454fc9847EC34EB6E49AF3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC49ED32303747ccACC439BA4B880B44.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1ECBA3DF194417894D8A6EEF7B0F3BF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F9CC17B6046441b9B0B6FD11B41D675.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC02F92F7FD64b4581768D8858F563FB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A573A2FFF3894a039C0B1FC1FB7EE333.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5FD87CED6C44ed28E9A26C46C2E6C55.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D2075EAAFC444c3594A466D3BA2E07A1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 17AEE5988DF442bd9F5901C7139A276B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1E2CD23608344688CEFFED222DA05CF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B70A91BA60F4aecA541F1D51B7B7B73.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E828CBF6EC5F40deB49BE60C6E320860.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2445362F0F4A4835BF6DCA8949261500.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 308B295D7B5E43ffBE32B28D1A30B310.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EFC9A0D978C04ceeAD32365D55B31A36.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Desktop\RemCom.exe",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\Program Files\VMware\VMware Tools\vmtoolsd.exe","C:\Users\user\AppData\Local\Temp\vmware-user\VMwareDnD\a0c3e840\RemCom_bin_1.2.zip",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A3506D479414a929EA12352D1FF3F02.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A0DF6AF23A2491eBD2C139E4FD245F9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C3EFDB7EF1B469f8C0E107B636ADA7E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 66B67C33BE1940c390A76B0C267F3813.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C685D023FD4D421bBD70EC7088181383.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT528C.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D4A76D23E614845A82595F712089F63.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT46C3.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT822A.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481902981.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481902980.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481902978.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481902978.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481902977.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27889A1619C7487a942DC4E230867135.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131263765649276771.txt.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 56A25811856C48809C2397AB3C9A1EBC.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24E80BC2760B4a769FA7D64B03730D27.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481902965.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2778_1766_notdimmed.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21B745C459A54efe86D672FB0D34CCE9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE7BCF94796447d7AFCF7C47EAEE13F5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CB4C8D90BC14a4eACEF5ABF4C07E5BE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E3F43D865924a579FC748A1C4AF217C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8257890330E0487389E4EB3CF4AFFE61.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91EBE4DC448D4368BFF2B68257139181.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58E57C4D56674c74936F93585A801E71.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5B1BA89D1D184a5bAFC1AE084625BC8A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32773252F5DC447597117B58097B344C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E5FE687B8F94d0d9E6A43C10C209B5F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71787D46BE684624AAC7D0476EB7EAA6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E812A60D47B445eB58AFF82A2CD4DC1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D788886F1A4D42baBA04F1EE8597E74A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C0C45E5074E54f18B9C906F865B478A9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD35AC406D694ca0B517769A1ECE98F9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AAF763D33C742a9A3F01F102E1B7630.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A2C172253574ea3AE787B15BC930741.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A87BD560CA274013B91471A1EF33CA0A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32AE270BB2A24c8eB1C1223B9EDCF215.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29090834AEE5423a90AF5CE46975677E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 451BE126F95848258DBE6CDBEDE3EFB3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B60C946F1E2426a9D5523D8E5736F63.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5680D6804A44f4689AAD70FC4A3F37D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C91E6FBFA43643c980220F780EF9A47B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D25D6440DD8748b580EE9EAA0FF23751.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDB1860537E345e7BB4327CCD9C8CFFA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0406A04FD46A48beA23F865D3965343A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3BEFA820CE0418aABA1C864346F4E62.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A74B09CABF9C4441BF7ADEBD79195B95.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B3C34F430E2241aa84C6B3B3A19464DD.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECFB97939EC14bfcA8A53FDBFCB34DF7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7CB2C3301D714fbdA37B3F6EACA7BCAB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAE5B9542D954401BF4B57D3EA6FDC9B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 382D35CB05F84f83B6ECE92C9DD40EAF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 581C353ACDCB4adcA259D1539A354171.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D8D7116120A47ba99CE643579C67704.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F94CB960534C417192B09485278F7F6E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F1102145945543259239EEEFB6105A01.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5AB4260C0DB94aa38E13695466A7B00F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C9BAC8F6A8B424794CFDAA4F0616185.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C33EE4C222BF42e5A2D3B2C14B0B916C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB75A18B019147478DD0D35999102855.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A28E48996EC2405d84DADF99171B697B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6FF35809DD4F403684977CBD43100A1F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67BD18BCC4C64024AF28E9ADB8EE4418.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F4CC95A2F5C4a7bBFF7443378145FC7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6AE3D0E6729B4a6188826D7AF9FB7494.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB6E28D8BE7042ccA366CE285CFFCBFC.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8186198A1DDA48519B19F72DEB5A5583.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A406B86F0F3D414eB96376DBADC907ED.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8DEC58BB1C942faA96D6FCCFAFD34A4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C7C832B310F448eACD7209DCFF7BA89.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 574A2548E5874fbbA89E846EE103400C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 40C455DA47FF4f648341F3D372A205B2.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F973B941C7694940B58CC904F11ED62E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3AA285000C342b8B289C37FB22F5AB3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D3A66A741EC541ebA21AE0CBF150F4BE.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71F282A7743245f09EE6F3091B7B4192.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 121F884061174917A7E8F9DA284A0A2E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB7D5DDD0B77402fB72B244D0281297A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4107F65873B94cc1A8D5D878708AF7B9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6A45CE6A1E54e019B764B09F7449E08.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 755F0CB801164665B3E6BECE8E92B958.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 800E3A26DD7140f4ACD607FA38468359.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A026FC620CB4e0490EFFF6EC6BDAFA8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D40EDBB405AC4222B3A0F3311E59A618.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC3663C4CCD047e78A1147B9F79B04E3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7750EF072AAF4a959C296F91B08FE84D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8B3C103267054d15A999F635AA778F69.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4624CCBFD7E4528AC969214E9802DB3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 697B9D82840C4dfdABD3F5653F2565F4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F6AFA6DA0C94383AE0FEB03610C0472.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DCBCBAE4D204f4fBD6A681601FA8F10.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E66D30FF2AB4d449A7C2E77470DD9F8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C541BA4F97E94363A04F65D79B36F3E5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EABB9B1586924f6d8594AD83CD6C8F31.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31AB1274A1C94cd48AB627CED84033A0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14E3AFED309F433d957048375C0C1117.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60C3B133472A47e5A9748CA12ED41D66.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55209545023940eb8E2D2DCEEA75F693.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 851766415C1844edA026E7605E6BCBF2.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B11430F4EC6A42cdBB2EE6D169997B47.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF17362268C84f4bBAAC65009F616B14.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85137468CB804c01AD393E7306720809.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C887188EB4634814AC192E0D491E3731.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFAFD2C273FD423dBF01E9B92AD6A1B4.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3217BEF8E3F84e7c8E1E772B27EEEE2B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 008D07B020084bcdACBEB3F637DD32D6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CA6ACBD07D0494cA13350BD58C0063D.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7287C5A682644e4cA01C6E1DF2CEAE92.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25F7BB934FFD459d820594DBECA63E57.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4EF2C323996D43e7A6A51103A8C48652.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FAF7E9ADBDD46fc921ED53BD8B92BAA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F37C8A45D014463968E051B99F8B953.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3637A94D8AC4bed8D65CE7374D07D3E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC3FC72BCEA94e9d844BC6562F78B49F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C50F44C063D4b1d8C6C8F15F6DCDA17.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6818E8B1CDBA4bdcBB046C90C06C48DC.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70115DA93242412cA49B56257EC1D7F3.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4AF42FEE44A24341BF66F59B184E388B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1FC4CADC58B442149A0A5B1FAB32871E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A49C326A514C4a3bA0E7AD06FB7212F8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B16D3262C104eaa8CB1FE489E259EFA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 260CC6F3F27D47d0A8BF2B1BF60F60D7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A71022CEE27C453d9BC5ADEE0F1815DD.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CEB647DC32F4160B69654412F81708B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E576942CAB646f48CE09C633FC35623.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92992B389BDB4468A853AD044BCE5F1B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6225E55CAD5844f191676ED32EEB6CFB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0E612D491FE468cA294FED47B650800.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8DDD2B4EFFB649b2AB29C82254BCD952.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 518DD2E800FD4eb1BB9FB43FF9CB55F0.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E87EFE5ECC24cdbBC5D987DA860C683.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2C60410814E4aaa9B1E1D269BBACE58.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A715743A90114363954071D3F5B58A2F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2F577F008A9463d8E9ECB07CC8A276A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53F716ADB1D0431a8743F825C2622DD6.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67D4A5BC628A4bceB6B81174CAC15841.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1058E49ED3534330AB727786FC2E8746.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38D3FE984194466491241FFC6C06867E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 676895AAFFE54dfeA2177CB9575C518E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8FE37E57E62949579A6D82245603CA08.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06A41CBC8186446785FB2E6CB48D55B7.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B861DBA189FF48d6AF197714B7053A85.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7019F555581444b38E78BA8DA1041133.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 68F20E054B1142bb9C2238B84E3CB957.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD749FF880264794889AAD98DBFF39E8.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 626720383F2D43bcBF3AC2A860D8FF11.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 775C5AA429E6467eA2B5EE24A989FCE5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\e360d303.png",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E264389DDFF3408aA58E9D4CA3E05C37.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A89E6C55C644f99BD42A9495506CD25.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 144DED46C1E746eaBA3230903A52D3AA.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481869407.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481869406.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\2bcdf8da.jpg",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\3c9b58f8.jpg",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C80750BD59404b9cAD7A671CB9CF745A.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8000548333A64da280AC8A0DBAF26380.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 249F11FDA1C642d7A989706BACEA06C9.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0EEE04B3C07F43bbB54238605773AC33.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 030F481A5BB74356974917356A27DBA5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBC38AF88F184ff492EB5976904E8BDC.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8b463925afb12ecb956e7e094ea06c6b\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\665799d4d7943bfb54c51614320e8883\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9dbf50fcdf9b1eb70ea9f40d171994ac\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC22ADE694464167861F64AF8627670B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1BE5EB1613F74c79892BDEA871AF3E66.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ABC3A091FC8A4a0b984F9C940E068C9B.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\5f43090970668cec4ba99ddf34a1b3a6\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481869245.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481869240.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481869240.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481869237.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITDF56.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481869233.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481869232.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\e3df671b06a88c63e454bfe6d0b04de6\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9420632767C3424288235009A33D970E.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6c5bb1c68e3de0d4566ea199c82f09c7\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8b463925afb12ecb956e7e094ea06c6b\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 328F541E72C34b399A162AEC75862072.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9249DF380F7A47499C549A0106BAC3A1.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481869224.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481869220.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481869216.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481869211.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT1183.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481869195.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131263427869829125.txt.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481869191.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EFB13C4275A74fc998681595FB201DAF.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT11A4.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 303B5E64B02C4e7dB6A69B0A6AEED80C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A9ADBB8C3BA4c349DAC5C26C56FF274.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\mmc.exe","C:\Users\User\AppData\Local\Temp\compmgmt.col",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Users\User\AppData\Local\Temp\BITCC4F.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT3AAC.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d89415d7d87798aa893bc96de23881ce\BIT3CDB.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\de8edad1625790bd21e68d38efd5f55c\BIT3CCB.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ad0e0ac78c2cf90ab5dc3fbe62518e0f\BIT3CCA.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\79ffdb09e2b5c3599d50504489a831e8\BIT3CB9.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7297f27005a2df10e582004e8bcbe709\BIT3CB8.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\6ecc98a9399518449bc3a5662c3e74c5\BIT3CA8.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\373d69fea900c94e18c8084c9529174e\BIT3CA7.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\2642b15d83a7da771704427a892f09d7\BIT3CA6.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\428baff648777a7f60a1adb636c43df7\BIT3C95.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d3436b3e45f58171dd5b9e34fbcbf747\BIT3C94.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\243615b1b3ec4d12e1d6e9d7e14ed055\BIT3C83.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\72239044c88b155c9f257adf07506a0a\BIT3C82.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\8b1f9a2662c71bd5d1d22d8f7ef110a4\BIT3C72.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT3417.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT23A2.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITD5CE.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe","C:\Windows\Temp\a9fd7682-60a1-4200-81b1-4b0d3f912cd3\mpasdlta.vdm",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe","C:\Windows\Temp\a9fd7682-60a1-4200-81b1-4b0d3f912cd3\MPSigStub.exe",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256.mum",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\WuPackages.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\7ad646273fa1c58ffcc27bfc5b6ab9d1\BITDEF3.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident-inner.cab",2
"2016-12-16T00:00:00.000+0000","Malware-VM3","C:\Windows\system32\svchost.exe","C:\Windows\SoftwareDistribution\SelfUpdate\wuident.txt",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\82f712e450088f1f11af5cd3f993160a\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT53D.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E05B0AA80977400d9A1A9F01F56730CB.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF345A761C344ffd8561B3307D73E399.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 958F97EAAD414af6AA02F4580C2B3908.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT4BF.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 182616E498BB4f619D36F5E1EEEEB142.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VUZF1SGBT4Y9Y1BI49IO.temp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D18ED5B5A9C46de8AC1CFA84E63F45C.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DFF008F48E5149fcA70859E31AF3FBBD.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 848DEAF621B64054864C57C81C4AD0D5.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481867669.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481867668.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131263412681420715.txt.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67C282CECCD74632A96352A1DA327515.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481867666.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481867665.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62974E38F9B346b38E49A82D35911D1F.ppd",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131263412622568710.txt.~tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2016-12-16T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\9482F4B4-E343-43B6-B170-9A65BC822C77\sls.cab",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2962_1634_notdimmed.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITC984.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe","C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5HGXG6X0PBAT5DF9MRF9.temp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITC4B0.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0B904EB3115449985B45809A191F30C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B98E09F3FA5430cA5D72BAC10E57DDE.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D6EA15EF315440cA8FD83C2633B2328.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A22D9236EA1346f58A49E40ECAE45E03.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45F8A85E1E314b71B998B7353A1947C0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8EF1063D118F4ccf9D77E244692D39AE.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D78C0DBB0DF8452692701AAD90E1825E.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F91AE61A025243d9BAB63A5FE22A0810.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C34D32CA71D24bf6B93FDF97973AD503.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 305F73CA78564823A34E3DF7028BC877.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6FE12F8D2EB4495A5E386B71CEDC8B1.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3951FE0522A44c3e8593719DD9867543.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 816CC70CA74F4e4f9CFB4B4B8630CF9B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16347CBB34C240f986566CE022446EBF.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F3725BB326F4fe0A360A4E18F5272FF.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 789EB11AD8C143999C9F800312E5D154.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2C5E38C30E74a4b8D6DBBD2838407C9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 15739C4D0EAF42a38332325B5155FC97.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8634DFFB5E2740cfABC5C8AB272D127A.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B5AB55BBD7C457c8CC8FB1E35BA3D2C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C377EC37C64D4223B730F3CDDEDDB87B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A07A7288EB5498eAFC09F3BD0502B98.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 328AAE76FAC54f619B1B6B8875A0CE3B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 848340571E8C47dcACFAE94C3A1F74D7.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F8FD477429A54f15A568ACE92DC3FECD.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3DA197F8BA744038F2AECEF0B185FB9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22D37A65CDFD4e6aA377E87B30D33775.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F1691A35658640389D7F87BC7B60C912.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F5435AFF59EC4a8282C81288BE6A5ABC.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 97493E70886345dc84C657FC442D2138.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 008B7A74E11449509BA7D8AB638406FD.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB355CF9B73A4f478CA405787CEF2389.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 449B77A3494A462f808E0DDD9F3F824D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27BD35D7F47B4386892F09CD2BE79CA9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 510838B79ED24854B252B76300FDCB5B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2335CA663A8241459F030B44494807E6.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB977085296C4b25BC574E5783A71190.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F3EA28A2E5F44c4ADE9D4F54A997E11.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3595AC3FF35848c6A9A17E2F0BF14D4B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3ADB6E7F70E74363939DE2F5FCCEC363.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F46A367D2C041e28B42C4BB3FC1CCB8.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72FBE8EDD59B46ebAA581DDDA091A2A0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B2356946CC81440484865CD5C06163F0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B090B0A0918E464b92225E4FBF731E2D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78C3431E587C4745A5CB68B97BE8BA90.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1DA528D3EBA24fb98FF7BF2A596E4F36.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C0135671E87043a885A64724CED8DC21.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04B204BE3C4944e89FD04588D65D6FA2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DBC3D46FCAA2464c852CB8A5E4B49A20.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26861A4D4C7348c4A8D8696BC76107DD.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7769F6C9658E4d1fA9195DD6967FF7E2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53EBDA3DBDA4461dA559DED9639AE8DF.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1DFD096FBDD94150ACB9DBBE790F9A24.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F65E6EDCF734cf58ED0FB4900767411.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71450F683801474bBAC7FD981E047EEB.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4AF5E23500A64aa99D2A814D1228240A.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 334DA74803EA418cB26C93A5FA25090D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BEF3ECF5971A44fdAC8828692B1DDCCF.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73FD90C9D3254f9a9E0382766D14E183.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C226D08A45B42dc9FF12B0446637E73.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8291B1CE74B64c70A95E754AA4B894FA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74F921D2691F43ad831CC17B57E27BD3.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5A617E235E94f1d977566106559B72F.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF5A4BB7F5554265909D1163F8295036.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20161213135222.cab",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7BDD6CF8DF8F4ad0B7A31BD01400AE1A.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 084FB7EB350B48609D182F6259A1A513.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131262310169716082.txt.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2586731575114c8dA1FD92967AADDAAE.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 694FE6B17D724944B3C05D82D88A20A5.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6ABA99C3775743cbBDA8649D0E046309.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1AD22BFE5A26499b8843017DE93B80AD.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98B651341C06402fA7B56D5F05207AED.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38E48C18D2764c239DDB7059388A14F0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86F8646F63FA4de491B2FE5CFB7364FC.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA5B928843A147c2B1AAFA68D8356074.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FBE777864DC74c8b9DA9501ABE2460E0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6C18088DF3E4fa78857235A16BB5A08.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A7CBFF84F8041d99C46B33520240DB8.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 241B72FFC5904d0d9D8BE99761793FBB.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481757142.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481757142.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT2849.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT1D4B.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77B65BC289284a569F5D4F5194047732.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITE36E.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 149993F1D817423492A4280F4A3CF606.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481757133.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481757132.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481757130.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481757129.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481757126.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481757126.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131262307242288414.txt.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AEAAEC604C7342bcB54BD808BBB8A323.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2DC3A522973E4882A21F3E770A5EA25B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8132D9CC5244fcf80073D63FFCB3AF8.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A021BE059954cc39EB1318C53400F7C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5633370EFBBF465fA9C23D0C539F66A2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6090F894FF6A4949A78EDF7CC6C3DC93.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 109D49B41550426f9FE2B3E7EBB4B971.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE2B1C90144F46a2911DE39C2D57CDB2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 08013752D72645aeA2593A8D67CCA48B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F215E278E12B4c7a81CA2A23FC40046B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B3F12D1BACD4c3696BF983BE9C891BC.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D022A35FC63A43b7BF1B634AEDC3EB72.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 395F9328DC8C4fc4A51474406A32AC13.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95E54443B84F4ee6B418E8C56621F674.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E7E46FFDF3A47368BC6656CC0567A5C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39BFE06632C04cf6B1D14DC56CFD97C7.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21C9667FC1F54a549ACF495868770EBF.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53CE9C6CD3FF4aabA942D5542651723F.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 80E8AB837C7E4374975A8CEE31090E1A.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C0EFF249E5D4998B4D3FE9B9EDF5E92.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44217EC788BA4bc288EDCAD641A87EB9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC924083E311489e928F83B02FF61AAA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 66E7E53A9AEC444bA079F41ADA356605.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71D6438F6C7A49e99A4AB5185A2082D2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 526DB3EDB45A44599D3599E56B8907B7.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 666551F6C7F245a89E3A21F2DFCBCF3F.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C23AB2E533942519AB390BF6F13E290.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36152B36C3724a2994018800BA9A5303.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F0A69A11E1347218C6BE7E9085783EB.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB2021335AF14323AA69ED8CF237908F.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C7664DA1C454860A07B78BDA23BBFAA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A305942E4DE48e298E45E8CC210047C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7CD1DE400BBC4c77A900C671E8AD6074.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C965AC394979491aBFCE7C63E5539306.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16604091CF324595A7E8B160EF714874.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A49AB179CC8482b82BBFEA5B87AD3C1.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FDC07E14939D4c879C22F00A877B30C8.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A63E62450BF748029F97C94DD5216368.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD7E9ABE2CD44f22A721D7D7CD36DF93.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC29C0AF0AC64462A0749DE3FBD2A3DD.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D2A29FD2AE2445ec8CA9F67988A77EC2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8653041B4E34263AE78881BA51929C5.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D8508DC3E0D4b4c8DA0EC5EFD9F9070.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7ADDAD8EBADD4e99812E072364CCB919.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06CD01EFD11042b7981D8E23649E3960.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D255D250BBD540a684B3B05239FEFA2D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C8966508592429f82DF00F52F1E8278.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 23C3776AEFE5487993EBEBC9F494C435.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B080B5CE38D447e1ABB75E45FE9408EE.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F5D1AD8A5434eb2BAEA0EB1FB603C36.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 831C55D998904c2e8322B27062B15AC0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 211053DE6F654e8096F44C5A0CF2D357.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F06E5395B86241c2ADEB4C1EE80B649E.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2424E83E2844577B58E8F2ADC75702D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 879E08BF95FB44298036376B5D491856.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9EE389951CE14eca82C9C79AEE0AE8B1.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F6885D5877B4b829C4ACB043D0FF8BB.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A0BFDF2421794ce39284B564B5FF05DA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 828C6FA11F2445af8B5B2FBA24BCEC40.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE9CEDBA4A3C43dcB66B4ACD0C16FA56.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB0E61BA657048279B0D22B1CAF7B301.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25AE3FF29F6C43a6B9D0B9451BC9CB99.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C83CB7B44D647b08C89FCD1F8A93F1E.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B2A735CC58784605A6ED71EB77810752.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8443472FF4B414bA9DF190F68BD5964.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6BBFCB7C8BB400e935EAD1C5A7D9745.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9048971E4FAD411a96F5D10F94E0F3DA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB72BFAADCA94ad1917CF7E875E12E30.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47481616530248a0B9098E85CF936B68.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1E4E8F0AEA745cfAD3717ABEFE35EC3.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A237DF55A8D44fd9FB5DC6F8C1DC791.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4D9C4CE540747ac8EC6831E4A7064F3.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 738BEFD2901B4ace8ED1FDBF12DF3425.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A97AE67CF2D2404f9ABCCECBFEC66F1B.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BF68AD3D6FE497b8CA8341B71A16FDA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7E1D9756A3E45d8B50DBE16C95A7F55.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9AA4F58D5DD843ce9AABF6A5886A1298.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E93269B238749a9B5844C8FC7C196F8.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45D4B7A3D5AB4e66A7AF9E217AB5F3B9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE462E4148334691829602D49F76D198.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF362A664DB5451d90DE4DFC03881C04.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57721079774D444d9D70EAC1AC586F04.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0EB3EB1930A14c64869B1DE6F2D61379.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4CC36EE457D24a42897225F08A0CC8ED.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BBEC743BE2F647618B02ECAFF9C70174.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_e708f365ace4144b\TiWorker.exe","C:\Windows\Logs\CBS\CbsPersist_20161213134544.cab",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 194C0D4AB6DB4e56B0AF810F692399F0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5BEFEE75C05B433496D957BDF5271578.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A205A5B0AFB04f86AEE8682C60F2ED7E.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4B534132F9242459E89688587007D23.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E063E82B2045415e8B55B72A1ED83F0E.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDF640DB31D2487184FDE27B41092477.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC9444F1D81842248A766B8A74E160BE.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67EFF328E48E449dB4790792EF7437FE.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32E5997DD73D47619620B9E802455F21.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 215035EC397B41e39BC2EAB5013C7217.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24F1E550F01E490891A59832A90CED25.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD5017065CE9444dAA600DB68D1F1426.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E3B4129B56D40fa96D36C1D255C3C2D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64939D7D70AE4f72BCD8684C871BA5CA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D78FDD5D20B4edbAFCDF42D0F77FD49.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEFB02A32EE44939ABEB9FC2628DA04F.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B43B0E95E92941e798832D4270B1E934.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF5ACB2DF23A41169C111C171E91E1E7.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21EFC8FFAFBA4c229EB300604B3C36B9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0F785398D9F4d328520EEA8306F43D4.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D64F30E6144840b49783EDE494F360B4.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2CE32313F6C24df3BF3B52A894670850.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B43A71C8F1C74cde98A3278FADF34BAD.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B80A4ADF323445e68F10ECF489E5C7E0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14822A5CAD90482f8E54F2FA2644D336.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7057BDB8C33445dfBD10F1050F810C5F.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B4EB469E89F9478a949E6ACCAB2AC096.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF2E7DD396A2455790F95F8B84A6E739.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E72059F7ECE4a23A99DB6DEF0F7FB30.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 30BFF5F708464da390EE2C97D8E21E6C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4AFAE4B213C2451399AAB38068851E9C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96D63D54B4D14bd3905C65B9D642E9C9.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DFCC08514D764926A45AF55137EA726C.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 726AF506188940cc9AC9739D9B413894.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7FFA79D80A4487791EFBA620F7AED83.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\9f9df3ac1bb1fc64afb55295f7e328a2\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\82f712e450088f1f11af5cd3f993160a\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1481755268.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D431D5C26BE491d9F33B20E98E906EA.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 30AF79E9CA684007925FB1B19E56D630.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0BE64433E12E46af859F1F70757868C2.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\84ac8f8c67f9af7536d00b85527762c3\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AAA4214BC0A944828BF1B893FE2B28D0.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE15380C2543405dA2E2D49E3C3B6B46.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITB67D.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B8FF3E6513A4ee485D55766AA807FA5.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1481755195.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d65f96ff1cf37fb8adc50acf71a2033c\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d65f96ff1cf37fb8adc50acf71a2033c\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F107675FB2C481a94223A4CD0978FF1.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 597F1EB5F57444a483CAC849851AF71D.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13BE94CC3AC046889D9C2DB4CE7B5064.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481749244.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481749244.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\abde0d22105026785bec8bd51ade8058\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\b04f8702c24bda5e7cc6bf2fb9f18bde\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\d65f96ff1cf37fb8adc50acf71a2033c\BlockMap.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C95C582520DC480aB9174D8BF04E7EC1.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72D3563FA5854d8c95082D82775A9B99.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481749201.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C0E814C4F304f6e9E65D6C36257E885.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITA2FA.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481749191.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481749178.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481749174.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131262227712517531.txt.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF1AC49700FC48b18447038BB5AA3F34.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA2149A670FD4513AB9B585C8138CEED.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E928426F86CA4e2cBB6001EDAA22131A.ppd",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481749152.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITAB67.tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481749149.~tmp",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\855E8A7C-ECB4-4CA3-B045-1DFA50104289\sls.cab",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-14T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F8D6B011D714bd5B9E1E05C0290960C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 038568B63D654332B51C57394FDE5CDA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5583CD804CE8470a8923A48C5D3BA9A0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 738EF286B62644efB977790D4D13EAF4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB879C237BA94a45AB0435D92E61B8CE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6A665C4CE0A418cB2671D60743D97B7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FA35AD8D7C74f678042A064A42A237F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48A8D372487C4da8B1BDD2156759DAB4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B475E63D61B4244AAD080339F3DE407.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E70FEEE78324dd7AF87F4B58B860E46.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT2AB0.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48F2FEE1FDFD469f9B57D500EC66BDF4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2BF940D1ACDF4f53B0110426393984D5.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5B8A9694B524394BD947CB58766EB75.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24BA9A7D27454436B9CD8C30BABC3E0F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5EDBC143B33B4ed3B917EACA978E38EA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6736CCF8223A49c08E9CCBEA77425D54.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB8EADB0F2E440118AC4A48D62AA3C9D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 248D8FA68FC44509803D70716AF11EE0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F01DDDF564F6441396A229082B9A4CA5.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B9C9F0FC219E49f9BC820597902927E3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8FF254BB6634ef185F3C2F96E5A743C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7B8832E5707424f9FE52E169410253A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1DDB64CEC99D46c68B26371A72A6C289.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D6CF561A0AD4112BF54D1FD286D93E3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD22A48EC0734767B0F08635A7157C1F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E116CBD1350416d89038B1357AB009C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5791FA1801842f78BA0D7D85E16FFF1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9BF016F31EBA4f78829B7DCBA0E2931E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A6BEF0457F634999A5C916B796DE626B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D00F735E7BAD426d83A0A97B7CDE884D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481637158.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481637157.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B74B202C62DA41ae8552403CA50798FC.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11861FFC239F4db8875381BC66DCBCBD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C447415FB201401fB50DC39C4C8081DF.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB730A55E5C648ff853D097529E48F1B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13D3AEB85C2F4e1eB7C415EA8603FC7D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0711839AA1C244948709114492F6452C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B7228B598CD4c51B4B9CC17BE8D43C2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D58AC06279E34cae80677115C508D211.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC5F22897DED46bc8C8195483327F1BB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E37CE23198C44f89BC8C43BC5E6DF91D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 03BB7DCDA6A54697B1A2BEDB432F64F0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CF3D3C9717448c38D0D5D092144BC47.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FBB4B96A20D4bc9B6C2A599EE183B41.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E550775E04154d7bBF4DFD74124609A7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB2C8D11ED1445158F5E2E8129824330.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD15913A5A6B45cfB50539B21C99BE59.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0FBFC3AFA4A4c24AA4B74CBE17E35DF.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CF433C10ECEF45feB7F874AC41D45E5F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F9679B972DF046c6AF62DB8ED20A7EA2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B35808C6C6345d188A019B123992952.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C40703D4B6004b1cB757F90F181B9EAC.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ABCFB3DD56F949c1AC38254EF275F404.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B66552A190874de587C9DDE168805704.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ABF268CFDD484c7d8B6453373A0EF786.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD25DE584D664d7cB14FE522FECD541A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E05470CFC234843893E7549C00CCA63.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE2FE19B65084a109CF67332D4291687.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E669D3E198F34cb6A00D955E6246CEF5.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86119793D0E04fa4ADD92A5B34ADA563.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B43CD5B9FEA44108E1B887B54527712.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6EA3B93372940c5BF4E87A2DF96F7CE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F721DCFA40274a2cBB3D72108CC02C21.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131261104098778472.txt.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8D02F3AA64554f7399D246FF623FB199.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4194EA6DF4824bfbACB19527F53EBE48.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06283C83B94842008FA346E0A4FD2918.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 490486A0CBC145259DA5344D0CE03247.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14981DF36C1C417aA1AD8E903486BF6F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C95EBBD864644c419CAC9E57F5C8457C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD80849E7F6840e7AFCA28B95AF95CCE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0BE9A8F2F5EC41fc95717BC90C00FC09.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 04B6399C493F469d815A567CE54FBB99.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D4ECC2259164bf3AF40BFF6FFC1CEAA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB810D8E17F94cfaA7FC80E6A2F74C3A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39524A9D3BB547e184E0F8E9B6036A32.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D59FB204D63742369A234B020DFF4D27.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5A0BAEA0F66D4fa19F7FC0EC8CF6E78F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 742D08A43174462aA0D01AFCF5FA40A7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\SLS\9482F4B4-E343-43B6-B170-9A65BC822C77\sls.cab",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E1B062364B44baa830B2E46CD2C9159.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2393E363E1448fcB3B4CE1FDADF8B36.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF6B05D3223A47548C5D90385296887A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E07638C42191469a889CA53AB2062F4E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 12F78BA141204b2d9400DCA227BE08C3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131261102829166477.txt.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10D53F45DC134ec4BE0E176F0B0282DF.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2ECF8172FCA949b0BE1241CB18C2926B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D81DD7FAD48D447eB799B44875BD2130.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDC7081BE91745b3BC60376D9A93185E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 028A5B9B952548c7AEE23F699C908955.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\jn0oh3rx.newcfg",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48F75F8E0CB84cfcBAA1206E2E95BF78.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2ACA34F0953743ce8DC4D491628C72FB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D5D62F66DAC489fBB541AD732FD156F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131261102254825666.txt.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BBD16920BC54568B4F45ECFDD14D1B2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A49EC9CAAA443e39E79C1D92BD2258E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~usic.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~ocuments.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\~ideos.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A9057AD71984937BA32B10346C1645D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64F71FC810094555A9B9505ED612E9D9.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481636532.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481636531.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481636530.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481636529.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481636529.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481636528.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nilgud03.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131261100084196540.txt.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BC84F01D608478dA7F49C6E3C475638.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84A1D06D3E1F47d6902308D81E474E2A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6342A84665D400588D6E2AB0C80D458.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07FCC34741064a59A57FD0E0AD7FEC5D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F62A8C5E9D944338F91CABF7DECBB75.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6EF428341014f909787F0EFE3766929.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8453AC5D40B433dB45AD85900A8C345.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C06F58E2E7FF435d8248AFC90AA7B997.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481633527.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481633525.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481633525.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481633524.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481633523.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481633522.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT95F9.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT9965.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF4AF9FC844C4d97A7E00CE1344A28F0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D7B3CC7D9DD4e87BD9E674A0D4B71F0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A81E3A947BDD40a696B951097B0A88AF.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85E14325782C49239A104EB8DD187BC9.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2FE4C9E2809448e85FD31ADAFA3806F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\0flhxpwx.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B7A6B01396624593B67ABEB36062DC32.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F47B97DADB974b31B496CD14030FCDDD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E9CE0BD33A454cccAE08A2199C69DF37.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E03218198264e129A5284183BBD5EC0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B30583884546479aA36FD30B832BD70A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0BAB4C9EA6B24d259E269EB9A9A3D442.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITD0FB.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\aahzo4b0.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D33A4B97EE1743358EEF9FC7D195C659.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AEC27CC39E2F47c492652909996EFF97.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A2F10703885437f9A552CA060E2A910.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A98675F2FC045bcB61DEBD9E65E5DD7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41530303D7F744408CB65E6E1AFFAFB4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BAE4958BBABF43bcA9C7648B63770778.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A12B655AED8D42b696A39204C15CFB78.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 03FC8A1FA71443db8E3A59742CAB2621.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E32F87EDDD04ede9EC0F6DF81DEA2E0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\vebtjdyp.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92A5212E3D0F4620AFEE958EDF1BD5C4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4EFCF723F644c819A352F46E6ADDE79.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43BD0CA408614970A8CC5D24D50BA5EB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 354970C61A0F46778B1F3B4370CEB91D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA874DDC1B424d45847925DE9765C096.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D798F3748639403cB066E5F0DEF5D452.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\5t043phz.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 63A317A3D0FF4655A838A39D7382EC8C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 247927F5B66C41dd9A3C88B36C23016D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6A1E7A6981F4445900362763E0D0D39.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEBED43A669A48779D14882689530620.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B1FEEE1E5AE9458c8FB71C24EC29FAFE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 765BD4AF0389493cB880F0A3785905E0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67D2AD7B716D420c93CA6ABAAF1FD2E4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 89B0F9645F5A4192BE389EAE4DE3E958.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EAF68BEA87604883910B0D119FDF50A8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\0ewbaexr.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53A3CD624E174c879A0C9F3B2CE59534.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CE332FA4D45B448bB798214646B78E82.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 598D8FCBFD8F4c2794A62604495C8DCB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DC74241E4704940A3A55660D7CD2240.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA22DC4C64A3424e87DEC768F56B980A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8A670E108084c40AF07F42F3D9DA9B4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E690FCCB3D24055A5310F256A479AD8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CF7C5AC380842e2B3F72EACCDA08A5C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B697335370714e49BD288A7F2BB9F390.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\kmeveykk.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58E9F1E7FEC449b39F683B0E2254F021.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33CE3DABEB5A49d587243A0F85BD6E22.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E45B8906DB7C40969BDB3B9575869C3D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50657114ADF643798436FA14DAAC22B9.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78CF097163A64756B4BD16CDFA862CC8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A24FA586F82437eBCA90936A9F6C152.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\oobrmoy2.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A392F3570C8A4a558D6A923E2FBE17C8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 94EC5D42BF304a0fA51926E157F7776B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41500B226D6A4424A4267695A5102121.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2AF7D560F3A40b280F16C84F8BE6CDD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C800C18A0234e6cA9285FE136DADD68.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 423DAE92E38A404dA18EA0054BCF73AF.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C94F604F7204fa38E17B6FD32676C71.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4420FF5017643f397658D66EE455613.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DF1521F23F14062900FCA3151DEDFCE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\4jwr2g3g.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 83664C825C034d4b9951D2CD8393C625.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9486F2EF6B1C4b82AF9BA1E17BA17C68.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A47179148FD24149A9312B265FCC4024.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BDF7353EB174f3d9786AA7BBB9D6284.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC13593ECBC34db19C5F383632C183FC.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB85A76A46B84376A357D06D13597215.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A20F8DDF9D04853BD66E6BFD32BF6AB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2AC2213AC1FB46048C5A9E9449DAAD01.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10FC3E18686F430695CAF5BD45161A8F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\1v5vgv1m.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47C00BE09CF344f982D8CCDE995E9671.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1559B6CF795841cfA3DDD925F62697A3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA62071869C94c468B90362700623F99.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 082F26756D6E439bB03716436BBD8F5A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18B4314F26484f5f824D2E84883C8126.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE2335D025994348933FDEB8C7CE3C0C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ajv55ut5.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72E5CBDDDFBF4cd79B8055D3489A4F6B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B64E6B95B1A4a38AFDFD3FF222C3451.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B2E7F5C1C714cbeA7D3C9C30A2FC7DD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34CDC564431A465bA6247DDF89D1696E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CB61BF700F34724BD168E69B07949D7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D56A6D85B8140c795FFD32DA7E21109.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A284556FAE6249569CB7687950377109.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA95F7E3717C4ceeA3F70FF06A25E449.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7044FDB780614340A356FEE21488D4E1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\c1gjzo2r.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45410550DCBA48279C2B16A9A5AF8D07.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22F27A10A17C4bd3803B404C4D56A58D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF54F2B3960040fc8EFECC4AEB9F02F9.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 49196DB99C03421eB0EAAF032F57D0D6.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 705C4E6071ED4b3bBFEAC1FBB818EE64.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2730D10502F0436d851BE4360CAB1788.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D71E1BC59ED44c1794D06084C82E9297.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 01843424696A45088AFC36CC108D2266.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\wwxdvbfo.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B456B65DC04E4f1886E1A9AD9CE458B2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB3835E34CFE4ea1B177CC24A991DF7D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F92DF00AFA71455d8E8C1BB8C43A2376.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C63BAAF9D46C477cBA77E68809408CB1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C48254E606E8443bBBE05F146D1F9B77.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DEB31657E9F0443cA5EC7C8470C8251E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9054062552E44dc4AD13CC31042723D8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\iq1wl3t2.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D2064E70C1F4dbaA9589F267C5D4709.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25A4D9425CE148d2826143C5619BC3BC.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A1C7DDE2C804c3c8821DD6F0658FF58.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D713A8D9207C4ef695445FBE93C71638.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 581115B6E55F4a24AAC8060B8928BC63.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B24F67CCB7EA4285B04BBB1E9CA71C55.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481613966.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481613964.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481613958.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481613957.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\eventbeacons.dat.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18AC52BA633547aaAE69122FAC3828CA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55ADB2191DFE4d1b8A42F29062154A95.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E8507FEFC5845048E1568BB38C80A68.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131260875220086999.txt.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\imprbeacons.dat.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zhbcdvuz.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2834_1780_notdimmed.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 775B5E4666904867AF32BF71A9084B56.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ACA757090B5F4224A2C58AF7A8EF47E2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A39932E48BFE4ade8DA99EDACB26B0C7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\axgauy2r.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1641B74488AA4417870C2DD7FF8EFF1B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E59FBF9E0E249b5A60953F80E31FC50.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98C6796D744D44c9A8577EB76D2C42A4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 663D72AFF9884ab6BAAED76D1EA65111.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C280551615734bfbABF591CFD47DA46C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71EB780255294e8d998F1EA10665271F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8E7AE47B9A64657BDB1BE87B61B746E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C31E768DAA04a6dA075125409CF9A0B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8DCE9A9A8864a448868A98008723CCE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\0gq221g0.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC3694633E3D46fdB223C37DA4E5CC55.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31BEFFA7488B4e86BC1AC24AD9A60387.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2378D44C4E3046ccB622B74664C24CB3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE80B50911704bd78CE0A4A44A349676.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2B5B4BBAA4445efB2D3861744BAA064.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F35C51FBD8664998B2E5DEAAE2DB9ED1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F94A6350D064a2f868B4076404AB19E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3DB0B1BDDAA04f04AD5CE6CF8AE19148.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02DA0CAFC09E4c9cBD729D9DB016D713.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zmeqwmnb.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9253E883D9F3448cB65C70832FD7F72C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2683605DC764854BE64C2F91EB5042B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9BEC8FAB23F842d48344349E6BC38975.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A41DB26B6D2E4964802E5FD3C654F516.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55C84CDED3554b818294939AE7BB58A3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FBE8E4608DED4e738243A3F2EDF58053.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\krfvenmp.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 955475F433FF4ba79040E773C63EABF1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26E474072F314e8bA1357838FA61499F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD6BAC1A0ED24ed2A21BBFBD1B3648EE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 16CABBFEFB3C403a9AC30E15420C3E5C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F946A081BF8490881D8823B519D9015.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 150D851EE81540ebA8B2979891E61EF6.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEE730887B254b8097BE9C5C22121822.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53217A041B99405b955E0D05E3D34A07.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11F8FE19E6BE4322BC968B397AB1AA99.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lrkk4ia5.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCA9DCE8DE4F42f68C44F01E77E9F802.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB8C8FD7CD714f568D20EA8E4D671E2B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CA46D1AC660474c9CE4143808F7A6D0.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCC898752F2F4d18A298F459334C7F6A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4B3B29FADB0403b80A4D62AAEDEA478.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55814C1D853146b6BD66C0BD50CDA0FB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CBED04B081AB4be3BBCFB2DEB90118C3.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC32F9FEAD0A49d5BC6761D5ED12F3B6.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9297B945AB7A4becB2628C3C8403140A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qrffwpwf.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E6110FBF6044b0eA41607B38CEC27EB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EDCED318DE5A4429AC627AF6A4608CCA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73933321C372401c8B4B295863CBA2BB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EFFF0312DF50470e938E7ED8C05AD417.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D76143A464B4733B8549800651F076B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F99706377BD4aa28F856183C5534408.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5BCD586B803540deB8A7ACD7435457ED.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\cyifb5wk.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A0F575FBC454f559334A7E67B7F85DD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 83124A4F59BD407dBFD16BC00530E17D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 37574A3C1A504c53B2968EF6087422A4.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 775FBC5ADFB24898BDD1DB38B3A1684A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35C34262206145da8E61ECD22C7B5BB8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C948ACE950AF4a5992C57AFE6CE702F1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4835E901F5C6462295412ACD32A9BC81.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8E1C51EA6684b1699BEB14E1A5B5FC2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\wdy05tqu.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA7638AF6FA14cd19BB502DA56F45649.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B291B50A89CB41ac99D355289CFB3D13.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8EA6F32C412A4fb8B6C07927A9E1A76C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 795F5EEC1160403d96C52B3D7546D982.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7ECA14C5842E4da89439FD5F752CD11E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E6CC45BFB5D447f8A473E14013A9D2C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41D3187FDF42422cA8906CC7DEA6E96C.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1DA618CF445426797882568F136FB06.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8EE48216C6FE4ea38716F39A4D16CF09.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\dj05rhlm.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CA826A2533B4493ADDC6E134786D9F2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 112806DFCB0F4d468F5B8FC982C02668.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A3FC8D11CC14227BF1D9B4568D1B091.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 616DE1A497C24252A04284288401AC47.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1758BB74B9E040c99AE1853D261537A6.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C0879221EE54296B1E22040F46FB4FA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55015EA7088A480d8DAC0FC8531C6C15.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A17FA175E3A045939A5F378AAAE5CC42.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tkbwn5p1.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4679AA7B25046a4938CD23064A5CC92.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62417BC46BDC461e815AA43E27772839.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 82471C2E1F8D4faaA911091E4BCC97B8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DA4F2DEC6EA4c6dBD6158F4196369C6.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3362C95B3DC64c3a9C3825E473A3CF03.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21ACDF60449448119DD7FAEF83712401.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39E6776A1927416087D478BD166FA387.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\gl312jp0.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55A1A07E8D92499eAD5509B9610A1EC8.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A7E2130C21C544afA1FAED99121F5430.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5EAB01F7BE4D4472947799D809FF3C33.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F89003836C4F46a59987246C86CDCA22.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F2CDAEAE4D84892A099F517E45EC6D6.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8BF2F3BE0B504369944263D6532930AB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ADF8F1073439479cB642EBB7EC836CD9.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 407AA1C4C0C249c2AF3EC6E82F524502.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88C4A162EFE74b27B34C0648F152F375.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB4BD67614CA4e069660C477F9BF426D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\dtemqv3b.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 42B1786601E8436cADB35F8E5BEAFCEE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77D94A3BDA74426eB18C4FF9478FCBC7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DAEB03A7FEB5423492E44F52671B14F2.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 346F0AAA02B44d30BBB6CC55E40836E9.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5BF7EBAF6084509AD177FFC1671BD0A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8367DF81C7834f2a9A2668753A6AD679.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qxfrg5yn.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B438E445B0FE400e9794110EF26F0D75.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA5EF09551214e4dB32473BC41C97A7A.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\9a1667e1.jpg",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0B1DDAB7CFBE45dfA24AF66733BCEFCD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 860CA63789EA4eecBB92FE79CF72E35D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6550DA871D3D4ac48C3CF5BD65EC3FA1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98302317B94F4fe4A569DAD5753A283E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\h0fh4oel.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C031084F134D468bAAB4025B012938BA.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5B68BBB58EE497cBD91777CB2AE6E94.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fa13a79b706d5d1bde1d889fd6c02d3d\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E88F1D417F7486d87DB6AE90ED2325E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D345D81674840daA77083792C4DC899.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lhdvnkmm.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F3ED6BB8DF6413e9DF8E462D989993D.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED6AE098BC1B4864AFC7825C92B16795.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB839C5A095E4f14A0BC56E3F7C4DDED.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 70E7597E3D42455cB934B5DFD4CFAF79.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC8C41F5BB2647e08236870A070E22FD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98F67C3F21EE4dbd9A00A9A3423E55F7.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\f3xvptjx.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 760B1FA0B605429eBAAAC178D3749D2F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 40E15C33431C4327B53E08388D6ED7F1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC35402217C842bfA5DC7E99C613D5F1.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 250DCD5F798348b18052061BF3721B4B.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E0618274888F4ea6A3BF8E50BF5B0187.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24AF4A4F6A8842e0BD2845BB6F96D8ED.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ec0663e6b2ba7868193ffe1bbed8fd7c\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\eqizxdcg.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BABA5ED0A0614b25B7BE6D984B237CBB.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 061FB391397B4935ADB784BB337D5818.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 66E9A225D2A642689C7285D61A290F92.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1FC015485D94c6987FC29D00F239B7E.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8588D8E938374aa6ACBE5F746F89FA9F.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F41FFF05534F46ea906DDCB4D74EDC46.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\xlgrtirx.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\dd4367e5b5951f12b7838a51357ae7a5\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fa13a79b706d5d1bde1d889fd6c02d3d\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 126CF472BB954dfdA7B4CFA845A13DBE.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CD27D04DF484d4eB1BED03277EF3CFD.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\ec0663e6b2ba7868193ffe1bbed8fd7c\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\687a9990e3310ae9409073936e606b7e\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\4fdd00beb7c9120d5ccdddce713b0cf8\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481610543.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481610542.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481610538.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481610536.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481610535.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481610533.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C93BAE6B2904d88BA69178A87F03F17.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1091D206AE4C4f41B02CFBFF19255263.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT14FF.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT29F.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT273.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481610502.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f6781af9cbc1a8891b5f40ebf54fb505\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481610497.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481610495.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481610494.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\89eb811d627c1344f20b750b635c29cf\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\57ada06ccd0bae498ff271add92eb8ec\BlockMap.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C745E8D647AC41adBEE63D27B4ADF590.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B1E1EDA31EA74e098BEDD551D7444C59.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\hkv5hqmy.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481610474.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481610466.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131260840532542752.txt.~tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT504.tmp",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02F88063FA9F4e519B55CC0029828334.ppd",2
"2016-12-13T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A6567AF89D7A48d688BE68255D735986.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E971708879444e5189857CF9C9EAD9F6.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31C8F0930AEA491cBD973F8EA129D23B.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C5FCF0BE37E4b5bA1CBC3240FC54926.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\av0onf1l.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFB39B7FB1214eda971A5E9A2C87D6D5.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4529182CE6644c21B62758AAE18849E6.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F984C10117A94f2d88F9A7C15A753C2C.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C355B322A744852BB748EB442F531AB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CF7C81161894e49BB5D2CFB82EEDE6A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\xqdeank4.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10B0F35861C6409c85270C14A77A5F36.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 886A2D4D54624961AC0791D70071005D.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2106328DBE904d6aB9ED0D39B882A364.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07764CF4FE724ab0B4641CF1F32E3368.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C52B8EC0BEB43d3A577BA763B202226.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1647DF31C4CD4303B223F636969187A7.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\aa2afg2k.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D6F5496981F4b1087853DE144CF0C63.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E1FD81155C84b68A0A5AB327E2C836E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FFB51C5E3B1E45a78EA2B5BEB87B0904.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F03935A7459640b09B6B3905DD29C526.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 842933E462CF49908C48910D1A8D9D36.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C422943D0D3432389944B42D81C44DA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\sgaywfme.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4234F328D5E4de3893DFE09DBF1903E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB75388BDC374040A4892E0CF4AC3F16.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 140C33ADB5A54473963AD6BD41161108.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 75FC39286F2A478d801894B6765479DE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 628C37F1BB094229A723F2C5FD739B84.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6B5092E8F8B4fe0B1A47214AE323248.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nne5wsgp.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3F319E5495C49739F4CD1282FAC936F.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99B53948B14D45b69D3A84E2067CED84.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6B8855CBB984e9dAE51B420D508F60A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8A1FD14B58F44457A657E4C6CC396589.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\t3211qx5.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FB9697813DCD433dB14BBB195666694B.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF0B2004754E4f198F83798D02D674CE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F55C60660404a559AA6B3F71DD2EE5C.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF01CFC1D94C454e87612095E8E93796.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C76C8CF2517454dA185B23691AA8465.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6031862BBB81473dAAD8A936DED5449A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\xvcli0wd.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 748B924D4ED74061A6F3235061FDBBBE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E2D368AF3475468e9D168401AAA592A7.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91F2EE19B20F4cadB16B6BC1B1049BC1.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C749F8F5E8FC411f9715ADC3F7592262.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B4AF44BC2BC4e64B007824D8DA3A9C5.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEFC2DCDC4554c8a995F431C8EB9C54F.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\250bdc6a.jpg",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3200n1ph.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481210667.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481210665.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13094F7408F3489c86B9CA8295B61FA3.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1708DBF4580C48e9A87DC166FF6354FC.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\eventbeacons.dat.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B09210D121DE4313A40EBD45ADF0053D.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3940E2B46858449a8FD69D216706E4EB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 35129749EEF8495d86A3AC6E8D5A9711.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C4298555810A476eA8B7D6ABD312BC56.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\0lk3d0rz.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44AE17E766A74ca7BE7F5EE3083F0742.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C9182DE034E47c19A5ABE38BD304EF1.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481210483.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131256840818317609.txt.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BEBD0B815C584ef392745B84BE8613C9.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F92D814A9A648d2B7E442A51862BFCF.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FA021270F46844559083435B0257DE58.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\vu5oqvh2.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DEE8BD011EF4f4c92DBA3936ECA217D.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7CCF45D1B7874acb874FF2A2498EF1BB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B82C5CC304984decA36F03DCE35159B3.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF31AF444B8E42dbBE61E1D2BBF5C2F5.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D81F65DEB6394a2aB9A0E16133135F3E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qbwyg1hl.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D49EA3AE6E1F4d02B60F0A3838E64EC8.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E3A295CF06B542358E7965EAF8FAC6F4.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9BC24DCC691640b0B39868285606A169.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F11533D663D84121821C94319BA9D586.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131256759634552423.txt.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481202351.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481202350.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481202349.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481202347.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481202347.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\rolpgxop.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITC1C9.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481194655.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481194649.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9EC4BFB55DCE4c5a863870120210747F.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 993B1A392E5B4800B49FBFB29EBEA8CA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3eoy0e5n.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB68A07F91D04014A25E1A85980990E9.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B80C122DB30E4a61976D7A873C35B5BE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 390B16C9C7B04173A6143D4D09508609.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF63905DB4B1449aAF3421E6F9DC62BB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E3415B0D893E435f8EC6FAF8A407CEFF.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A92F12BE56C346d38F0F0D3E338FC1F2.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\gnzasalh.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 241FD9FDE53343aa8694A2CD67BF8A73.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AB7785F233A64685AE6A2AA0212F58D6.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4758672CCC984168A50CB5E899AA1021.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 69F6B3EAADE64df58EC2CCC7CB96F0FC.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\jvqfsoy0.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0FF8A0D46C3B454091B12DD799138311.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 09F700B31B2F4dd083AE14DF74D400C8.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E7DA054D7244c37B627112A4C18E769.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 67D04A8D56CF4f9e8EBD8EE477D674B4.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D73C4F8D5338472984B3DC3BF907D4F7.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CD68CA0F0F34f94AF17B564703DD930.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\vqcpt03k.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84E9B726BF814414856EB339D1CD1857.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 177DCF2461E8434e94BF1483048D3735.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7BB165D5DB314d6384C99063B60B20C4.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5AF59F6D5CC14b759E87F0ADEAA87486.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43810E9609224d6fAE30E75F4804AF2F.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A665E2AE491F4726818BA45D64336504.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\knzx3bfy.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6A5CFF62E264ff2BFC5BD03228BB616.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52D60CBB8E1E40caB47ECC083AA1D60C.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D3CFBBFF4734ef5BBE20A41AEA8B400.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C3FA259719A4958A7E9CA040703DCD9.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 15A46CB63E8E4df3B7183603099A8790.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A0A20974A29941658CF79B372D914644.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\x0akrj1z.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 409CDCEEAB584897B9B4DC4384722473.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18E7FFB094A2424fA210093F02F537B4.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A1D3C84816F490bBE5C385A21C40A1B.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D706F3EB8329461188BC41332A2D4A54.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCD1A080EADA44acA5C4D1D7E368101D.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A78E39E9FDC644998969800E1E2FB5C6.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qfzv4prv.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\6f76628.jpg",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\ec3616c3.png",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C30DB2D00488469cB398F4459025EE19.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1CA3B2E2AAD409aB2CCDFF36E4990A0.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\6926ff9e.jpg",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\d166bce0.jpg",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\1d8dc5fc.png",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AACDAC2BF1064283AD1021C5EBC3D993.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C09551F90B034b9590D2F23FC47E4A5E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481175758.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481175757.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\add2911.jpg",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\73e44fec.jpg",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\5sh3eir3.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90EB6D5B397845c98B336126ED5022E3.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 332405F83A43425c976F5DEEFE4AF69C.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE63360A610647bbBE7EDB60AA7199B1.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B95AB14E6D734a44B0400A73BEBAB7AE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF8F8D4A0CAA4a218F930A1E09A7E153.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2458764D7EAC4c93B92C2B47DE260E11.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qpfy0010.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7A6637048E574cb392CAC3CDEC7EB4AE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3AABF37DFB5C4628BD7CDC664905B0FA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 190D98B3A3FD41d5A59E2F48A25D5AE0.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 05F3DAF2F5F8470783C628073D369D77.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 590B631F885041669D315E3A27BC3E25.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0150A34D03BC46dc829087B45C9635AE.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lyvsdrw3.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EECA30720E8E4287A288E68128F72D43.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8A57BD7EBF14bc3840208639422BA01.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1245D186F442497aBEA693B81BF880BC.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A21793C4DAA7437fA0BA1D0369ECB86D.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9C82A730F78140799EEAE0983548D7D0.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B47E9F4091C49bcA5ADC0B8583AAD3B.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\fhc0o54w.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E566E8C6FEE643d89519285641F27F77.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD84E3F35DD740969A515809B2E3A31A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6FF438F0296348a6B61064B7344D88D3.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DDE7DB96EEF5492bA515B1C7AB6FB821.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8603D8DCFB2488eB9FEC3938262E313.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\cr0sbtnj.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E780256621545dc8FDB4F703D3D89FA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5941F26154CB415889B7AD0BD6F9CAD5.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73D9079393FE4b9e87D0A975D017BA82.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E0DE2AE59A1747b2B4B731B556283370.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 59E4DEB9CABA4da4A321CB9B39023F55.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\mihofren.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 322F509D8E72463985490B470F3F4982.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 28AE5DADBB3941a9B9A682D243DD1DC8.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0AF6643EE1CF4dc4B872A98D0D42B6BA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D7E14ED26DD48c5A091D631269C72E0.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3C977ACEEDB4471BB3D0E345729BA94.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CC0F4BD97034b709C8EF415A3227F32.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITEE6F.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\pi4swqzv.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DD40EEA17054a18BB9F6700034C59BB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7215EA9E1B3458d95EA1E4A0BCF3E46.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B7C861B58B174a84A35C6358B59C09F7.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5C48E516C3A4a3dA91381544927C288.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C098B5172314937B62F827502391FA5.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 19E9146071FE4202B4E43574DA962EAA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\0i01hway.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C86CD3813A841e5977069516C65B23F.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6AB08F5A27CB44beBCA99BD7BF8C31E0.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C27A154609242d4B4761FFA36710B1B.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 403E13B5168D46a1935CC08091CEB971.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6862510148D144e8A6DE5DAA6E3BCF8B.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B517D11823414e3bA9EB99FF6141916A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tcgfxfbv.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C546CDE53DE047b4865A091CAC9DA57E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AEF1FE5549C84024B4FC3B24094AAAE2.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 199A80A9C64C4ae3A94C371021CFD411.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D9F94AED191B495eB1CE64601D96F80C.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\uemlhnqy.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22D949292EA249e18BC3659ABC6D7C83.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57B6843CDB8444799EFBF5DEB3AF822F.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3105DD3D3C654d988BA49FEA0D94E63A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2784763CF62147efAA00C4EED5F61DFC.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38CC1709C44F48458AB13A8A69D2F926.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D43ED9AC47B7440497DBE15CED349BFA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\0pc3sgkb.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B93D68C4413E4070AF2966EF10403D95.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87B3A55B0D164a78ACBD4DE0FD6490D5.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 795AF799290C49bf9462F78BFD399478.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4D38CDA0E60408a938F9B74390E6FAA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21D9069AD1294639BDC08E324CE03684.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C471D56D204641a0A6428E6F07AA7C9E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\erarze2i.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3AE78E68A40643e08963218B0885E273.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 56852BFD3D17453394A1C5596697A043.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43535A7F81124e6cA4425E61168E2730.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 929A06856B8B4c7e9337166F8B555F67.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 741CD05B26A84fa1A7AA2047A32774CA.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A7AA0C19844F47efA3106EBBB107F2D4.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tewo0q5a.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CAB26803199047d3B8DB2363E7CCE952.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 20F2F8EB3C05470a8318ED79B5A393D3.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 001F25D2E6334e27A0B609657674AD81.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98B8C3D065024ee19F3203088309CB00.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FFF764FAAC3548519DA121DAF4F59046.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53AF0A6F74E7491eB32E18E677D3F307.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zhjmhvnc.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2C6CF0520D84214B0D29BCF794CADBB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8B74A21B1D94f2d8DD8AB734B632224.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 29AEDA9F8E254445820B5C15BBDFE7AB.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 40A4CD88487E434cA66E52703F46C7B4.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ciouoplg.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 97EECCEF23084aaaA93AED3C57FB696E.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6ECB0B81B9704f0886FA335048A0CD7A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25919ACA9F8B406f85A371E781DA7208.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9AFDF28E85B42ddA02E2A4ADC67DE37.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 273BF094C95147189494B040AC6904AF.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10BE23E3ECE342748349D22C3C89809A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\r3tjwog2.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8A28F50E56B46ce8F374FCFCAD18455.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA93E7D8945F48afB3A83A52AA51F18A.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481173893.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481173892.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E46D018F2BAE468c896714B737F5E6B0.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58510E92C4174684A08CD69FEF3FBD53.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\imprbeacons.dat.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT9567.tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4048D04F5B4D44bcB5FAB95E5CD723C7.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481173828.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481173828.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481173827.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 048000D17789457a8668D34A64D0BAC6.ppd",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481173826.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481173823.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481173822.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131256474210907906.txt.~tmp",2
"2016-12-08T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\k0ton31o.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2834_1780_notdimmed.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 438EA9DD41FA4dd5B8B782A5100D2D48.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2C46B75528649fdA89AB8B0BD371173.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F2D08AAB0E049f080CFC10E9D8B565A.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1903BB90F8D34011A8B1DF52891C0AB9.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lmfpmli1.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 138A2A72993B4b3f9D9D8D0346BB9E3E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C3AF08CB8ACB49cfB0EE07182F6477FE.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0258AA1DC62A4499AB720BD6CD975F0E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE04C15E76AC4deb93C47B9AFCBAEFCF.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1140E1EF0C354a0b81817C77232F9B67.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 401E306756914b98BC70CFFAF70C8378.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\x0qxhqzg.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 31A030EA2E6A46a9A83107D56BA22047.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 38A80AE47FC24941B5FF82937754E4F8.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F41E1395E08A4d7aAF125C13A1BBB64D.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 37BB65DAE5274c3796DBF096F71B4693.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nscvrpwt.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CC51981D8034587BE84263145B5BA61.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7261A8F4B85E4154B83DF569AD54D29F.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AD8BC771FFC4f5c88B8EF3B75244BA3.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8123803991A4b5b85B6C2B52E74AC6B.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D689FD1B81546b99CAB8745E60017FD.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0301D137639642f1BE73D15D507E59AA.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lms4vdts.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B85D4645BB344d6c86CCE6D6F1E9D039.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F51F1756330414e950255F640F99683.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B135A7818E254b9c90940D9282D73258.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCE6AB929B4E432fAC4833CC49CF0BD4.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F46C7B28A74455fA624397359EAF623.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4DE626183A0048488B1CDAF92135F0B6.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\mguk5qus.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B58F3979E6A04439AFBA3781B0527EB9.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47C01DF2B8E44e43899C78D1F3672957.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC0B774CB5BE48beBD37FDEEC714782F.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 75F38A3A04604916B43368B0624E3D7E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BF681DA338424757A843E6986FB0A36D.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9CC0BDA8A1A14204A9F02658B3ED9C12.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\mxtbkdc4.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D6AA147D169544fbBFF3EC318E8556F0.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C585ACC851F4bcd8B5CF170074BD482.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D732ED76CA814894BEE7B972B38D2CDE.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CA28E93BD9A74b8aBA112D3A502801C3.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 613F74C794784b84A075FFB59BD94B29.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DD2748088C5E4368B79418AC6702C607.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lqio2p3o.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 50C1D49B0F6C4c42B3B7227C48FF7A8E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E8F3E42B934B463c98EE5EA33A7B1BDF.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BA6B873CF5FC417695B97EA36B3E3FE7.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB7D3441F8A640e3BAAD835B5DF8BF7E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ce034ynk.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DE12A4EEDF24806B4828FF99AD95568.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F853BD9CD7E148e084D33E6E7F95E328.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C84991A4450428f98624D5AA9E0703B.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9DAFF90995C94cf78BFE90D7391CDB21.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6C403B5BF6048659F4196079D5A7909.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F59F31DE50E484f8E9AB282ED92415E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\na45rxwb.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D366FD3A281049f58736271D9012A6F2.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E70B22522194cfc94A0F4A1E19328DE.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D01D0A77DF1042d69DB07A1D081574F9.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A14C445255514f828F875FA36AB8E665.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E7DCDBD1AB0417b9F5B19142AB93971.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 06A6BCE2F53B435bA521DE7B16EB9760.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\j255n2ld.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C505C41DB1B2449f827E8A16F33D14A1.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 34C5C532F54E4fff9BCD9EC6CC7F3DA2.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CC420FDBEB6495aBAF9722451005622.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4510983BFA7C49c3A3AD23DC1F9B823F.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65A59945FB9B4dc991E15E50D2B8253C.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE216B45CB3949ad879D4DC163D4FE64.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\v3gyf4vr.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD8A8ED9667948b5A0806C5E1E6FBE8E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B5925F1755A4505BE2FABB47DF5EB78.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C15AFD489D041a4B2862C5C89FE9C95.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 542D49067135431e81415601473D6ED1.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\fj3oyhvi.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FAC720316DB4484bAEFAD5F3C43E5679.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77DEC3EE3C344a59A9FAD4BACD97481E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BB4CA77947494921BD253AE516AEA081.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 157552372A514c158374B3B1B46DEDC3.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FD392468B3EB45a38C34DC44614F45C3.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT2268.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D39CE3DA4D23430a8B339039ABB29EA0.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\smgunxfi.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8DBF7FEB6D5A4f12B4DDEB0F7E647A9B.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6769FA57D9C34ea6ADD6EDEFA2CEDFB8.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 005E89250A0040f0B4BF9FEAA8011317.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D529B487F27F4e4099D7911B1ADC7B27.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21C183F8D18E4089A2684A54F10943B6.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0370D20101FB4c769EF56A6D359DC793.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\4ib5bfqd.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\65fe1eb86d0c6bacdc30637e4ae5b713\BlockMap.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C47B5192B6404e75AD81182C2C2CC286.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E7D4AF0E5166489d93AC8E7B84E9F008.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITEBA4.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a629e635f05ac51eb50ebca12dec3894\BlockMap.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\167588fabf61f54d2021e9e73b441443\BlockMap.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f8dbf0425b30194666176a1719f48bc0\BlockMap.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITEE93.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 027B55D6CA8D4840B023281DD639205B.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E9AC33F41704e41805C9FB7700C49BA.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2EF6C65DCFD84fee8BAFEE117783F651.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E749B757F9924f6fA003550D651725AE.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BIT9B46.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\w205uwfb.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BIT2CAD.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT638.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD7A222E2A974971B3996D19066C745E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FF5C7FAA9A1478e869E2F7611092F9E.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT8D2E.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5D5F34C75114b2dA3FBF7A7B3579926.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 42E58057FF20493cAD7FBF8AA39887ED.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\f3e79428.jpg",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481149467.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481149466.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481149465.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481149465.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1481149464.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481149462.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481149462.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT4ECD.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481149454.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481149454.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481149453.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481149452.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1481149448.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481149446.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481149445.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131256230428861364.txt.~tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47259A202F41436f977EF76425567CB9.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F431CAE37D5C42c18A1A9F92063671BD.ppd",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2834_1780_notdimmed.tmp",2
"2016-12-07T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\x5uhdphz.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 864945B39AFA4b9eBE353E186D599FD0.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE6B8F6575084ba9B6E8D3EE0179F6F3.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEA5EF7E6C6D4dd9A6C051E5BFF0D8C9.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B83470E92A754e34A38308190AE8F3F5.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA712AC5F8604479922D414D6CDE018E.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC7D915B8F734e1dB102F140CC533F21.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43076C16229B4d91ACC4C8C894843067.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D15379D478A54a50BAF5DC0B5B9EBF05.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0AF5AB00BDC940d5A95FB35FC5083033.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1ABBD209089D4eb7A330291F10590A87.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8118D07C343C43eeAD9B2242341D200B.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 39D08DE317B6466185077F25777E794C.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5CEE7DEE8114971B3D9E63AB9EC7E6C.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F0BA1D7D1A1478599B693B334178AAD.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91E9C0CAFB0649afB33D9D26C9F8CEF4.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8536AD47F23B4383BC7E92C34D86C753.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6499AF4A9A584b65A564E95829C1CA42.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B2C3E85AAC0415e9833934446A72938.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD3A02F2F8E44411BA42D0AB22A6444A.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6DAA96FB297402fBFD26D69D1D410D6.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9616ABF19FF54e98936152EEC24DAC15.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F41E2E225CA845ffB72BE26FCD378EC1.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 476FF49DE64C449fB191774A9F65270D.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22663ABFBD084f02A549B6D422F267CA.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F7084DCF1D04813AECC76203D1BD740.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DDAB73D8A260419cB885814228904F95.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1455C88D4DB04a1cBB67DE98DBC653DB.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FB91E3D975741028B4349A1B8BF4A86.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1481002884.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481002882.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481002881.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481002879.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481002879.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT426C.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481002867.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481002866.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1481002862.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481002856.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481002855.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481002852.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131254764495007691.txt.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481002851.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT426D.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2976875149614d5398D6175E0BA800A7.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1C598ACC3AA4c6fA93424381A02D51B.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2788266C2804dbcA1897D2C3DF987E5.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E3584B3A35E41568F0874CE7B3B69DC.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78C550DFB3D648b9A35CFE63FF0A3FBD.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3E7BFC844014498b9381702293F35788.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ACB6C76F7BCB4193B730AF3CCCAE110E.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F35CB0D531894d6d8591AE11B6206FC9.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 56FFF6FD48464b8a9E188045A662DE78.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BC214DA2F0F4857B24A6551E46108D3.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4F6694625E14bc293547F01F7509C41.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\65fe1eb86d0c6bacdc30637e4ae5b713\BlockMap.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5B8DE0036DC4606B70F9F80AF3A9197.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\a629e635f05ac51eb50ebca12dec3894\BlockMap.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\167588fabf61f54d2021e9e73b441443\BlockMap.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\f8dbf0425b30194666176a1719f48bc0\BlockMap.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT64D4.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8CA3124A1C8403484349889E1E9E28A.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D951A2241EE44b2389B0330C0444C4F7.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F289F7BF2E14b9bB88CDE48C057113A.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 037A54BFC6E445f6BE504F1DF8FB6D48.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9ECAFA75E9454515AF814A5FCCC9046A.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 95B3AE94EC0D4d0aAC8833F7D0C93952.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDAE2FA899F34e848189A52CFA37AF38.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EE05B3396AB043f0AD2D63E3ECE33537.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITC3.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481001846.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BITF836.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481001844.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481001844.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BITC2DD.tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1481001837.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1481001836.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1481001836.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1481001835.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1481001834.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131254754310740684.txt.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1481001832.~tmp",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFD67589CA744b0e970E22E969D59B80.ppd",2
"2016-12-06T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BB8B937A2FE48779311290353C37A3D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 363588BC5A444a19A92C989174317653.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 332DAACA58E741b78046508DC50A82E1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44440D4C0DB04f9e8D234CF47EFEE74D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E90FB3DF3B5342c2B6BB5667FFDFEF33.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FC6236D01E574f538F2160B18CD61573.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 668E1A6DC34342f7B3E96F38FE4BB39C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5214553C63642a7BEA660831D3221B0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F55C6EDDD544b1cA29C5A4F8A77371B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D89FAC28479E4414A8BA7777C02C3267.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C912A9F6CEA4d139A20661AB27DFC96.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E13D0559F2945159D4828358C6656EA.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64D4F600D22B4d58ACB91F6C93411F82.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF015B53DD7A4718B7262619BB623026.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 314747F6F7944fd68A5EC02FE3FAAA71.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\cm2ou1iw.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B79183EAE369411e99B1983EA9222026.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54E0F56C3B30462e8B2106E4466952F6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F412CBE4C3842b3A7262E77C9D8C0B7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 049C9A9A47974989B747E5BBF3B32E27.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1517E56910B341b1AB3820CCBD4460C9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 846ABE3E336E4752A5F6C06A658786EC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E932419A3ABD4bc1B5B0351EFCFC6CB8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CFAE8171C4842a186D60D3927A4DCBB.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 07C444DAF9AA45b68F4A6ED53CE8AB5C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 500975B59E804281BE35073E7674AC10.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25F2A192D077469dAB7FFC071CD02484.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 806EFD4B88724246BFCCB44C7745A80D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\i03oblen.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F4F15758DB448c29261474E10C6A06B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E25C48CA765B4917BB4A637A5D92D947.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5DE325658E974893B05AE09A61E7557E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F09F8DF5AD94cfe83521A7F5AF01317.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE45BD0D845D4fb492AD6087F98088A4.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C47E209D3604b5d888CEF3A8D5D4195.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C58CA1666E1D46e2B410FE76801DE3BF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F772D01B8A3A4721B6FF7BF986BB6B22.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 30AEB049D6BE46d2BD83480332E55720.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E062F10CFD64479b9144A0FFFAB7BD26.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5EA9EBD96E7845ce836154760769B87D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 10D6EE0A5D964864AF9AE51C52D8E567.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\4asbf03h.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E8D046CC7BF4bf2BACFD4223B962525.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1F911956BFB45558F6A9FBD27031F43.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 319575BC72304eb081450FD8D0C8AD8C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26532CAA8CD74a2f88CEBDA08A5FFF92.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85080C5DD2CA4487B96107B1697D862D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7EB9A6CEFAD7412fAC6428C9165D633D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7560B5BA8CE346a7AB18CC8B64B60D8E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC9C1BFB975C48189BA8E61864FC6775.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tenguuw1.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8FE6C2526444d058F490AA6BDD5109C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F1ABCF3C83947848845F4D021075832.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 69D9A51C0BDB4a84ADC41C0E6AC86194.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC77FAD43FC84831813662E3C72C90D1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 90D60FF0870E4f049D17A9A8638FDE64.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DDB3F2D14C944b3BF2538A0E6A2C22A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 065FF4AA048B4aa08D633EA7627F42F2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF043969244044a5BE52CD12B036F4D6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 142CB53A1EFE4a2798456C5932521478.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 938D3DB4EE9548d3BD08AB3CA6643621.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86B78E716CC042c3A1C893F02959E431.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14FD53F58A3D4500BD3171DF8953556F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\peooeydl.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFCA1A9E5AF84b999BC5AE8AAD377F54.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DCECA80060934ac2A771C1C79254BC25.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D341B02371244ebdAE5FAA8C7C75A6DF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A46F705A0CF4dd1B24878FB991BD732.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B5FD1E5072344c07A7C582A0B2156EE5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A1BA42F908A249dbAC60C97FDD237797.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 345518D3B53C46d1A75DEC4AF4DEB38A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E70C1B7F5EF41f18923B23068A62394.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1291AA0A4E1C43b1BAEB375FCF6FE7CC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AE0DEF31CB904aecB62275EC1EA2151F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D5B99419C6DC4af6B3534D4F4A492285.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 19E32485B6D34f36ABF2232564F5C6C1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lg1bks5h.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C8CC45D81D449daB53F04794F45AD2F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 724D5E9BD0B2460a9414C2ABDD984CC4.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E1E6B7F486E04896A47769E4B83CD998.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0D1E5D99BFA44a7BC654DB95519D323.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E3016D3C274E4c08A44AA6003E694063.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 63BC3E02CCCC4ebcACD991409F207C26.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DF4E03A8ECB4611AC8564DC3D78714E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5833F5F9289E4c73A1DC4248098C8AE3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 237793A074B442888C3AB7461537B6E3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 764D312F9F47421f8DCDA86800B2E7C0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D4D2665C3F1B43b69A3949A55D60A3F5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7304CCA76AA14557B8FC32D41093E3BC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\j1rmwzv4.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5751D3B42AF049e084F96AB1A75AE32A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 157BDA9BAB2746c38B6D4A6728FD2961.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA950CB585904fd5A9F7CE0145D944AC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 74BE896B13EC42c0A5B7961E5CBEF135.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 23B2715F25CE44ccBABC7F0521DEE623.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 96FE9A2BCD574a0f907F9ABFAAF92B46.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CB703A908204e238E10AAE6D6C0CCBF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC430993BDEF41c1B6E28B687D6A008E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\jrbas1pu.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8925A6282F4149c393B6DFE15A7E3FD9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87581C10DEAE4d318231DB9A25C5DC85.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CF4A1F503BD4deb882F9B8D54A77D4C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECCD60BF16DA44dfB3DF652E265BF2C6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E0E2BD32DCF84c65856ED94D19995235.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B6742FC9D1644964A39B6CF10BB6FA6E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F079EBF791C4dc9B30AA2816F3EC385.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 275D72CC17CF41fd90501EC5F6DBE1D9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58A70AFDDB314a8aA2601ED260EC54E7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 546B807C4E1747a6BBDD2B35B6E49288.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72A8BC20A352416cB0B392AA98BD6F6F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 593B32140C1C49b983B77633CAB52DC5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\b2g2ifnt.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88FCFA4AB8AB4191856061A35ECFAC13.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD30FE94A46B4cd086D41B1BCF0AF2F2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8ECF5F392FF242bd908E9DF034CC5530.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A4ECA3C13AB3466097BE028CF0DF6ADE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4E50963E2D14f069B93198BD4DCC0F6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C975B56A2024e35AB2FE9E1B53E3819.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C979A9CFE3B4da4B7B8B2B8C7164375.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4AE075CE1808483bBED89BE45E15DF85.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nlikko45.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C0E9C7C68814f058628A41D28399C9F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6A92151CAD044649012868468F9200B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 43D20B4C15EF469aB10139C7355E7983.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BA43758D331641748EFC5732C1975889.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECAD21D9F6704f94ACA664B60E0CB561.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5FB8FCEB0E14a9e83D9215D1113AFA2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DBBB64CC8B124ec4B5DB3F4B4189CE3B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D2DA74E208E4f26B5BAEEDF1AEC3E02.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7DC31E1B1C7141d4A01A6282817CAD48.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3669CA7E72B84106A29850E8A9F953C5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\axxn12ff.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B44585B912143209769C102FD163224.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 590B82D3C066479b87A68F2256D8381F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 61728BA2B68C4541B97ADAE1537CB542.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 298EA7582E8C41a0A72526AFAE633C8B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1E4DDB099E34ef0A2000456947EA6DB.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 386875AF6FDC47ee8FEE90C3EE7C68A5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A2CD69A83E34aa9B1DF48B1B827F5A7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CD62819871D4c47A4903D33AC37450E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 868072D6CA6C47e897A95A74784983E0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7484682C13DA487bBE8C5AC6D891688B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\q4bvwz3p.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F25A249DB08148c581845A99700AD0B3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT9C23.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0501DDD23A504408923933683E732AAE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 75A60FEA69A94bf5B0954532CDACAF13.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 85B0FC2132654714A99AFB41538C65C3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F4DCD6DE9B14f4285EBED8AA8D52FBD.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F675E9854281488f9A8BF21BB9F2D7D3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 09241EB5FABF4b53B888E90FE7C9E9C8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6370A0DA5FF8414dBE03D76CD20EC4C5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 335E115EC2834e7a8B54E4204A8C3845.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54C2B8B874A14c70BD6C3CA518B6751B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\n3vooigm.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B497170E83EB4c0092EFE7B1C16D5A5E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71F7D970A2474429956270B46813D2D9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A89F5869C6A42adA0EA67CCB4BBFE94.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A850658EB501418298557B1122FC63FC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8D2729ECD3643089067802AC47C0927.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C38045EF73E04589A466862B5B97A0B3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 055F7D8E5808417a9619D9F73D92EDF8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4721AD47B60C4626A3085E7DC9A72E0B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F41D5C199EE9486cAB81D4355920DBD6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1278E4103CB04f7dB3647C37B9757460.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 586257E9141E49a99E2F37037285C215.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91DCD28D5DA44c50ABE6601929AF7B9C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ql2zvoxk.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8A2610B8772E4af3B30F1116B9BF7872.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F1378988BED42deA2F794E7E4867AD5.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C98CF8F09147427fAEF4EE34AFADF2EC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91CA985C67DE462dBCDC4ADA06C1A521.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4B23611C260246a7873CAE35ED920090.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6AFC869F453A48f2AC7F093E050B1321.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B204858A17B4307BD764949876E1E31.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0EAEAE8CE40D4c97B473528DC862280B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131251000154977812.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 870E80A2CE044792B2A9A8C4B9EF5576.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCF3F2B72C9B428592163E7D4CD577FD.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8B140CA80DB4ec49EA98054BB38654D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9B7A2E081A1B49feB4E6D41A7D5237C2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\rx0vqu5n.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D20C61CC2E9C4335A135C298D353D15B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8471814A1E5D4db994B5BC63D62A7165.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F29F910EDBD341639BF1F5386D5506C8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250999409241365.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C7CFDD8C0164aebB0280C11C857EE3E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___3026_1656_notdimmed.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tvmkkxzu.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT74CB.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480626251.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480626250.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480626249.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480626247.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT6615.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480626246.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250998444849359.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480626245.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480626241.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480626239.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480626238.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480626233.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250998318848209.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480626232.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8331C27B739D40059D3B0630573C8F97.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41E54A7E26F7407398F1DCAD0D449237.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 615AC51AA91F4cc284176B84D15D0B56.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5D63618211A4670AFF78859B387AB76.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1096A2F09ECF49b48382A86B2EF84A32.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BE4495D2E7104208B7A0C8FB5FC22E24.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC3B60AD06B04e8aBAE95986B72DB209.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F0025168A9BA480eBFE6399E86F6CD34.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qmc1e3am.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F88188E66F0E48b58FE0774ABAE00C3E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C4E57F2ADA545e29DAB4DB58637FF01.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E406E450E7794708AAF87A6105070667.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13ECC56BC4C045c3905E2B730395FF5C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 78C415E75B8847438BC19ECFB62EE75D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A60D1AE00AC4f5e9B5924491F4C209F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2DC0A186E2B1446bA8FCEDE91CEBFD0E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E4C9DA4592C44385BBFBB611383883C0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7818F933A0241038180E2E21BB36E0B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 793E34484D644546BB92FDAABAC0CF78.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ofso4rsu.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 47A0095AB6EC40b6A2AE3A8F266D7818.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 371C3D5888CC4990B7430AA02FFF1D8D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C43D754A72964e9c817A09E8F1383C7A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6C98D845C68F430e9C170BE770E4C5C1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B03E24F2901849c2A0C07B9B3155B0FD.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AEF29318813044eb91EC402DE3236D82.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DD5635B5146849ae9B7DA63016F5785D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 580692BBA2A645129BA1AEFCBA8B04B6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F03F90DA6DF497dB1EAA50EA39C178E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A9F1F98022F949ff9998CFD5C9CCC7CA.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\as5nrcvz.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CC073AE3703C415bBE16C368D0791A02.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD3CB8128291441fB8D98FC597B5C9F4.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0EC24BBEAF544a528B59C06BC4CDE052.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EBF1C048634B46beA2254938A502A2DD.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 02572F38F1524c459FDE419DC33C1299.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7890DA61B95649ea9C9221E5071BB6BB.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F039E002DC894e10A6B7E78D415A5FD6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2F720AC79954f44A02AC3BCD199E182.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DDECC3FCF1EC47c186DDF73FA2A8C6AF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E092D4DA30FA4ef793A7818512508AD1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AFF41D3CBCAC49919C577CE24BDA6C4F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D89A464CAF4A4098B7BE93262B2DC173.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\g1meadpe.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D97CCBC012F47f0BC8C219035627D75.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 19E487E1B0844715B748011A46527B00.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1B49534899744edACD9D51D93BE5E10.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 14D8D01D12BE4d3586C985E9CEC838B1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24C56D5ABEFA4024843DC0F37325903F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 285BB14FCA5D4beeAA88AB9885907301.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 069ED477D64D47c3BF6CCC6D1814BD37.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5FF11D9297C7477eA36E7F199DAAE827.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 54734C2C0ACD458f9D964D5ECAF31E36.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0A56CFA25E36456aB50DB71E925A6A7A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99665662506049a79285FF64CEFA9196.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8375996424604dde96EE4B9CC801B942.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\g0xjyh5t.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D060F0F2981544c59CCBA6F96539246E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5985E8A0A6CB48a897E16929AEBD906F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 200CA3BE6CB349d8A059EB939CCE7AEB.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A1E3B674E8A4b119CDEE12F24F16697.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEE9F48633C24259AA85E40EC528BA77.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E32A68FA711447eeB93B0B43CE15345D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DA674EE221C460aAF6594E5803B45B2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F7A06F224C24e0bBB0BBA6887C7BB45.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EF514DFB17A0460282071FE50D156D60.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A7461A79F0F484cA0C9A6DD3340533C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 764379A7A94F4d2eB8E2F146B3BA9258.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F37CE6EDFC4948558B3B084934F50204.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\vc0xor53.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E9F9E109613F49e69380A9E716E58795.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99A358E3A15A4bbeADDFDD45909D2B79.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 422B8989CE8642b7A8F291D18B13BAC7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7BA2DCE8F3FC40f988C6360FB8B14F32.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B08F4AEE7C804ddcBC328D0219E4DF0E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8EAD6FE5A9E4ec191276BFE5FD77657.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1B6F6DEC59074eb596DD0D58680432A3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 42EBD904C042432589BAF13953E3C5CD.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\4i2314py.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E589C993BB04a0086B7B9E492D5572B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D0379D1BE5544b999257583A9994E5D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 395375CA599341578ACCBC519848E54D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8170DAFEA5064d19A97F9CC2695C2688.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D8BBBCF0EF9A4c7e80FF9EA58A5C64DE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3775CC0AAC5C4a658346B3835576F1A0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9C3A5E403124b0bB0C1BD83FD798DC6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A5204A0C6CA649448F097226925AEA55.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DEB6DC3DD2248d98154519D85C56914.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E676DAAFA8974c03B52BC9E26B7C9F8C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C56E5BDFA7CC4f99AE54D7F871A00E38.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6BB8CA3AC57F47a5B2FCD7B6D1FD59BE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ufqdtrgh.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8314B55397924da5AACF56634156913C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7230D68345C04078A51280AA10039602.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 071A462143894e828FBA152001C32583.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A1EDF64BA8CB4b5dB7178EC36C8D12BF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2C6A7D8A3DD94ec7B8A33631A80D429B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1DA41E8B111F4eb99A38E370F3E7C9C4.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5E646BB2DAFD4f7eB5F5305D89FC8D72.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 898F2668308042e3ACDC477B4731EDC3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0441D96A463B4fe5ACC78F54F00FB4DB.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B1DC586C9F7E41cbBEBCF61832611607.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CCC29B00D249480586A37C5E7ABAEC35.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8C3D428E575343b39564202E36B38A05.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lyrkpikv.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 629D7BB247FB44f5832FBD831F9404B2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 166E84A257334a2d9ECC61227CF57EE1.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 00D5838DC376421a8033A261176098D8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C4A9B4B22D147df9EDF080E6A273924.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E50C65AFA07D4defBDCBBF69480F4B72.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F21F700AE34B45019CBE422100EFB71B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 749AB10E24DE4123B52E138EA76B9FBE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C8B88018B04E47329F24A08C12BBCF71.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BDCA668E2FB349ca8E82FF37E0694E5D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D33A14911651451cA0146C2486A69209.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 260EEEFD2D5542789A3E3A2FFB5211BF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0969074FD0C545c6A97F9AC462C2661B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\aar1qsof.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\bef33fc5.png",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250736687451706.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\ad73310e.jpg",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\4bbb21d7.jpg",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT7346.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITEDB3.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480599884.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480599884.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480599883.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480599883.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480599878.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480599878.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480599878.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480599877.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480599877.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250734591340434.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480599875.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480599873.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250734533115493.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D5657EDEB2A4286B8552A709B43281F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC94D3C9FEC546fbA4435409A4D29658.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9FB69474FBD64489AB7934F79CA983FE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B50768DB72214155906809894E3438F7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4922F0C6D9DF4a93B884A462E4648DD3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2850267D3F21467aB995B50138EC4AFF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AE4E9DEDEF7409eAE7D9484E7486F5B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\eventbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\u3v41kvk.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5CE2F0D7473F44468FDEF31017635EF0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 232E021A648B4523ABA3E2B274F62A15.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 094FA0749F0E47348F8A2C97EC1AEBC6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AF0F57B453FB434aABDB6000DB481F2C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___3026_1656_notdimmed.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 332C772A530A475fB91DD9F44072B0A0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9299B47B53BB49b4B233096443A26135.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe","C:\Users\user\AppData\Local\Microsoft\OneDrive\settings\Personal\global.temp.ini",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8339CC52055F4ef19C3D8CCBC280ACDE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A0C26F4EDDB6413e981823E769FDB071.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED04A1D9A0D5497895D91C858DC9CD3C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ifzkyec3.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E51C694FF8F44ffbB7D48C47111B2065.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44F82904921A4941AEF9FBA984C3FAFF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E252486B77914518A3D8D2F2F86F6E9B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DC87A8BEC0E34af4A6049B55F3D19826.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFBF1951E0C24259BD75CCB1438D853D.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 68F61B4C135A4fc683FB3E70BA67391A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\1v2twhmy.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 587294CBC245472eA388FD76C41EE6A0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC02530787F54f4f9243E2C106A74152.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B070CFC0735542058A7C418E8C66A8EA.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 792B71E116974c4eBA1A061CA7308E48.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 17D2A7745E5C4acb96303D174DE53739.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F6AE927E2D9344c6A27043160C080F2B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\hjh1iqml.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45601F35CE094b2a975036907EE80838.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D70604063324c66BA3AF715B07189CF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E9098D1210AD4adfB450E70BA5FC341B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D0A1C4DF5761420b9F346560980CF616.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ycatzbah.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F43239C5F5B49b581CE6E68E26C5E50.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F729D876F9DF447d909AB3DD3933E6D7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8F82536FADA74399A5ED033CCC3762A8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 131370C8C9D04fec8F719D919A910484.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\f0e1b517.png",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A21A6BA346EC451fA185E8D0F97BE590.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CEEE54A97194cfe9F50C02455939E06.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zxxoty52.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BD507C33B0FE4c28889B97CBE26DEEC4.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F67B4896886245f0A453AF0E32DC3C2F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53E48D83921D415c82172E7F0A2F8CFC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 27AF9E44D8CF4720B7651D12147F22A0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 988AF746F50B4e0d8BDE7E8C55B42307.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65D871236C8E412bB5CFDDF722113C0C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qxjiuh0o.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C234AE21E83443e88E3DA21CAA0A7A11.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 063C0629AF6249f6A813D23018041262.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2F61EEBFDD3248778C053AAF41842828.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB30B00F574F44ca87D3D73F15380CBD.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF7976DCB33C4da5BCA4E64DB95F2DB8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24976FCC36034581BA7A7260CCE61FD3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7D11B0202DA14067991174642A346B69.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A77B143D24D6497f89C2200E23687547.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B3B96EDA2D84111942555C4D9982263.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AC87C6BBD724400a9DF779FF3F434EEF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A915FA4C2D2E4d99A5FF17AD418EB601.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 87811A69EA6B4df69376565BBE0E5F3E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\noggm5lu.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C95F7C6D753540a385CCAFBBF58449A2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED306CA514E54eb782E01A6C68C21C25.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1E1C460FF1854ea48413DD989F13641E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F87F2F64D3FE4e20980598BE8A2F91E8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2138CDFE180B4f749A0710AA3CA08A22.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 233CB548A7D74bd2A460F51A52A0238E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 159A6ED9169748168E01477215F9E623.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 49CB522D552A4861B6127A97AF75A345.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E5270FFB211042baAC7157BEC7757DD9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zsuzkmha.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB83EDA505904a35BF78B4CB099E1233.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E41BB14AACBB4df2BB92B136331BA43B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 514441C3EFFA4450876467E26961C004.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250452809009599.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2B1DB7191235445d94BE17B6324744CE.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F4EA9277FA84fd69C29FA2F8059EC4A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED77BD4562FC4e699C5114D662602EB2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9EF3BD07965B45db9F502EBD730F5A11.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C02872E5BD7040b082AF0AF3BEDEF932.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1418BAEE934F4da2BD7A64C6AA90DD60.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B100EF66838940859271FB37E8130E9A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCC7518CE4FD4ffe8C587061B8DCE327.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\fc31fjhp.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E882781EAC344b62AE9F44D70061F87E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 18A32D45AECE4a47A62C6C2BD8C850E0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1AAF21D5BEC1474d9BA295CBF5CDC872.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3F898B977D9E448c88464F9AAF7FB117.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9CCEAAEC50A440e1A429212D911C7050.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC8CA6B5123D470bA5A6F308560B9260.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 42CF929B0BD347b3A25D8B873BE5DCE6.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C97D364D669A4b7d9602EE5B9293D0E9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BIT74A7.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6160A50D754C4770B830F936D3C047D3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A464D3AE2E004d849F3700F3B2DE5560.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1ADAFCE3AAF944ffB8798307ABF6BC91.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91B9B212EDA04783A65233BAA708D890.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\bef33fc5.png",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nramn45f.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITC9AF.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\38be72041eddc5d6d697b25e07533996\BlockMap.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fe928cfb54fe25e2d6bad291a86b46e0\BlockMap.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\f3e79428.jpg",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Temp\BITCBB4.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22165DFBCD6840b8B48C625535E8DB70.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B45683E77B64f7dBCC26C0924F162C2.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 556FA32D6A5F4bc7AFAA6D21971E53C8.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 543BB0DEB640407696EE91C903746091.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1CEABD092C4B4331B4737B5D420E7E15.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E1D7781E9EC94b1fA608E8028C49D7F3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 857F7C64AC4E4289ADC01D501FF93222.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B4D472C943C5412eB1FD8414E252C952.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITC7D5.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480571361.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480571360.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 105B0EA1844B41b7A9D4330ED421B0F7.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480571358.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480571358.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E7A99BE57AA4eb58935CD116A41D4B9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480571355.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480571353.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250449513121306.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\qlqf2kcz.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\BITF9B.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT74FF.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480571302.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480571302.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480571301.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480571301.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\Reader_15.020.20042\BIT5224.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1480571293.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480571292.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480571292.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\S\BIT1C00.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480571286.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480571285.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480571285.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480571284.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280819\1480571281.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480571278.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480571278.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250448760879012.txt.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___3026_1656_notdimmed.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2834_1780_notdimmed.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B27832D5D6B4aa5A0B8042606060FB3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E97D68D1A7141c0983892D40900011F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\uwtiuex3.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CB0D2F292BC4dda82FE6F139D38C05F.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 58A442BACD53471aA30D5BCBAD4E5C1A.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 483AD67E668B46e9AB44503C742E3C6C.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 13D6A344B9784c548C088D7A47C5F3DF.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E6E3E948D9DB48d3946CB0F0BD03F848.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7B2F562797644469A7B53D28A1F1A705.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ibizeqdy.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 238757FCED38400f961AAF5A9192FD98.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E49014902EBD457a97674B007B7EF1F9.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEE80EC951AA41e0AD21F2F5D9BC7F31.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0F64A3F8C3F444d78DF01FC5F8360879.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D70158BA3A844e2284C9ECBA539A3634.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\wkr3q3tp.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF2F5526D1904172A6F9851AA82BCB6B.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8CC499B0DD92475cB803FB369AEF7214.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 03A73EFA53AB43b89C10F139E58E1608.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AD6B7B51E0E34402885547DDF49CD829.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0C5A57E4B4984b7aB1A16E0B497ADDF0.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\dwcsa2m3.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6556C750ACD842b78F240803C83ABFD4.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0FFF361357C6426e8C04A76B81404349.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 26910AC5317F405b9E631210BF8DA0DC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0DC57D13D4E84915A2E4BFECA952B1EC.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 142805D9AB2A43529027E23757FEF171.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 189EC990D6174e77B3A50C21BFE8636E.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\inxk30o2.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1AF035744FF14d289F95E4DCDCAA9C00.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6CBA9F1735ED4a3fBE5A0238CE7F6D21.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 074DBB2B7DA44f20827E738A6B6BCA95.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2BE53EB2E3354ba39CF7D64BD3602700.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DA363270BB174703A1C2F889EDB660BA.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 33C80BA60D194fe0B61E95141A6B66DB.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITC5AB.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ggqs0u1z.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480558045.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480558045.~tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D77D81DA7974b92A7CD75301525B684.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B0C1347F85AE431bA31C59DA97A42EE3.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\38be72041eddc5d6d697b25e07533996\BlockMap.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Windows\SoftwareDistribution\Download\fe928cfb54fe25e2d6bad291a86b46e0\BlockMap.xml",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B2A446D6A8FF4c49998033412B80BB02.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8A3986C4E34E4ea1A77B9E92DF694E45.ppd",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\h5ogq0rw.tmp",2
"2016-12-01T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62C47A429AF54a21B01C0E358914A28A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5BEA8FE21FB940059DB07B51CACAB999.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EB4B58C6A520425d9FBB47932C21A8A3.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0D9242FBDFF64299B2ED6A6F6B697CF2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6334A495391E416797D53E7F2C1303CD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92284E58FEA4476584D418AF297850EE.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lclhdo54.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3EEF78B9ED424483A8C5EEE02E909886.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9EB6940D94564846A49E657279CD2A8B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE269BE260464fa1B3170F8B8977E03A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9ADDC76CDBFC4dd694FD0CEB238CBB88.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C108A5EAD6C4a22A9739E5013540148.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E28AD2A54F224a8bA97B19BF3C30C4EB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\14mqrabh.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B4BEBB317FDF4037A95169323528197B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 703C0927D43F4e67BD18685CB7FE54A8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24A5879701AA4300837959B27EE70481.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 199534F6F9D44e7394E9B0C6E639EB96.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 636C092809EA4f9186740D56BE8DF67E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D4FA2CE402343b3B0E341AC7BD1A9A1.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\laxsyaro.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1D0F5D3E51FC480cB7C8C5AA3DE1C080.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A64F99B6AEA4ff8A470FEB26AA1ECDB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C0ABF4474E24e479DE70B8E6AC38F24.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A7E498AB29814b32A44D61AE75843EEA.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ekapvhhm.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FEA1D7F5531142389C028128C18DD61E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DCA12B8C47094ce78B567CC36B60E97A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45183D4C1E414221AA8681E975AD2E90.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B59A5DAD41724deaB2CFA543AEE4509E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 44AF8C63F9B8497685AEB1549DBB566D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 76BD69D6B014442aA34CDD3CB0A4DDE0.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\002u3yco.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2E3AA892C6CC4df1912CD5B56465355C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DD46A5C2295D41f5A8F3A52F8DD4F53A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7E0D5DC1B04C4df4BCA5F85BD8E53F0C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 306BCDC59D654d51BBBBF18602C64C1E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DF22CC6323864663B41C02E43AD4B360.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6D12C1B97464b88A6F402F883F24CB7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\k5jwtj5w.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA3981DA668C4a04A1476EEC1C59EC84.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 81B8B3D22A994a8fB3DB702943D84351.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CDC41A8325404b27A96E305D3DDC5D48.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA33555C3FA04effBB24E59951B3EF43.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3C3CF323C2A5486aAEF80B09B91D4AED.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A82052E71B9C403286F7E349B3FE264D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\px2pviuj.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E243AEC0EB8148c0BE2383DF1400A96C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 99AF75B729114e9e90F603A0786D3376.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B42398F0A1984b0cBBEAF5F71F3E29C8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F4EBBD136CF64c01AA0C1CCB14906E1F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\twngn04s.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5F0E93F985A04a2896EA7460405C9E64.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 136963E088CD4cdf8B9170715702C7F5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 37F8FF756FC942c3876DAE25D63B852D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DE5FD2963262486c9E68A4AE845D58CB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5EDD859D9A604e748B0152B76C8AD43C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6B474D4048D345feBEC6A7D57DA6CDB5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250212036650707.txt.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\gpencouy.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 759C92FE825C42b095DB1C0282B39E2D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA85A8D38D82471282C097284DEAFF3D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52E4FD4B747F4f16B7F223A2B1B27F6A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7668D16CE1064df1995C21EB82F1F4C9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 84E451E14517405fAE09868634592DC9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F20635D63BED433bAF8F8F421D92077E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\134n4iau.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEC889F645C849d387C8E98329D95F54.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D735136B6258416283291B54EB037F23.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BFCE1A3C1694437fBF07659209753A34.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC65DDD27E91483bB6E77A1CC5F05F9A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 123A6BD47B1C41faBBF99452C5C32D56.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 545E1411812F498bBF4B2D9E07923AA6.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nzcqipql.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E38AF22830C2403eAA6702B79C4D45A8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4D208485974D46b4846F5FD959E392E4.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E0307BED0EB744ec821438CA3F9E3CEE.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ECD4EEA96CE24b719F6614C389E56FA8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C98E96A3BCB24a6e875423CF395E0495.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\2lobyhbj.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D04143E32B304d1dBB46B815AB4B810D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E61EB9570664174B8194C60D56D00FA.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA3FAC4D991F4071B287380470BD9106.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0542A09EA2A84f14A1939B5145883DFB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver ED16E51DA2B64468B8200BF341F25EF3.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\z510njxj.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 360132EFDD054d5cA35A97CCCD6E64A8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 17DFB6B28EBA483dB5D70581C3E2894E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 141BCAA68C384c419A8424E79C15D0E9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D47A64B2EA84709A72A5AE90E5DA63F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D96E3A14863846cdB1271D2859FB2E6D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F08CE8C05FB4a578A04224EB74A202F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zbkrmntc.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9A6F7B875A654cf39B2CB78202C48F97.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 52B35B1F7EF04a519AF79933A3D28EBC.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F010A42C0874fbc8F6F982C53591E14.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 413BB501BCB948a09BF4269EB6292290.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8AE97C163C874827AD94EF4A70747EDF.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4285CA9C3B824447BD946C98364F69AC.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zmwuhpat.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F5FC59901DA4f8d88CE9776FB7B4A18.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1278C4A063244387A20E443A1F56D747.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C16357A339DC4c36BFD07BF4BAF7927B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57232A01A5624866A1EDF6E9A2E1BF2F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0CDB1FE2FDC1455bB6716E842549EAE2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ma3wel5e.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C30DCECE07E49c3886398EDCF2D739B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48D6CCF756E343658E5550EF11439BBC.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 36E88323F9D24486B0E42503AE720CEB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 92F9467EF6FE4305B8B50AAB5B6D255D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 376030C0846C48caBF6E43FA2E18C4BD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\sznk5xhm.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7FED0DC0075F4f17ADC18BADABB363F5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2416E9B71134795A2846480469EEFAD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\89d7ce5f.jpg",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4C24B69B7813414c9712895EE3CB4047.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C9CDF7D86E66466b8C071AD0C931D0F2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 768033C8CB5A485f95CAF54A6B4DA95F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 65FEAEB43A044be49A31511BF01433A1.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\edy5debv.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A2E4155913EA448bABBADDCD92D7FC89.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 615EF7100CE547cd82F9FF600F92E13E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BC90121330B54b7283BFC5C927853BF2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0E885F6B390444c8B9BDE2FA84B633F9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\347607fa.jpg",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C90A80E98F4640cc8E754B1C44626871.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73BC9A78D43C41889BED4F62A11A246C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\i3v0u1o4.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 11A90EFADEBF422aB9DCCE8C427537E6.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 32BB001F7E2C401086655CF9DC24D0CB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 94B1492337E540aa8C0C942F7E559EC4.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 22DAE755A80F4bb1A0ADC0A08BBD8251.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A22789E4AF204171A58A69DC2BFEFFC9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5AF25D0BC3F345f39B5013A525E24560.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\wraoehnq.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6F904CF216D04358A042536B0C156D3D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9F28ED080AE14285B0B97BA9C40033AD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 634A3ACB4E5E4ada93F2780E118C33F3.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72CD89B2DE7A48bc966B88C905CE8554.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\bywjcbo1.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6E757166051A4edd94B2E2C733C5BE84.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2DD40DA9D58F4eb58317601C9835D1F6.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C81599C8EEB14a838FA38C71302F1E6F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 64820FD55448438f825A5B6D9BB044E5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C2B4E7612FC149e4BCF43C14D8608257.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 01FD15443C4F4bb583618F115E62C632.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\f3e5kfzl.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 675988CBBA84465b943E13B43331273A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9063DDC5860944afA17BE1C4D4C5251C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITBD6D.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4FD44968AA0A41228CC2264DF541BC24.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3B2EF3B1E1B2438a8F5F44FCF402D856.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5C419A110E3C4bef8A4842EA2AC5F87A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B71085EA5AC6442f98FB2E45C70D2535.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\xox2vscj.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0FB8062D2E174a12830A8DEC2688B36D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E900340C6B944758966FBDCE2B77BB91.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpnidm\1dd317d9.png",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8DDC33D572E64f779FDBB9E630AA8AC9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 77C6A91A1A8C47409F1269724E05CD5B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT1648.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\eventbeacons.dat.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480545812.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480545811.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480545810.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480545805.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480545805.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480545804.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131250194031531511.txt.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C18DE5139A444c1dAB74E2E3C5429A4D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D3AF4B9A57494663B149E7C3A2B96AE6.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\h51yxuhh.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\LogonUI.exe","C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2130666815-4155069058-2758450316-1001\ReadOnly\LockScreen_O\~ockScreen___2834_1780_notdimmed.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6DC889FBA68643b7846EA6C3E9B0712A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 273767417FA144669EF688B379A29FAE.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFD459D8AE22407d87B2EA79440931D2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B33AA452DC25448cAA98E97F95452578.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ku2nv15b.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F07006CDB0D4cb3AC2504C44CF54AB2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F0ACCD36F6D44668EB8334433C04052.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3A16DA5101B541de972E42F09DF53618.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BEC3C8FC0CC741208DD0B1C0C3EFB465.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A532A3DD6434309AEF69B918C821675.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EAD78C9F1378430e973D38E17ABBEAEA.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\skzbyhp5.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21C408642A834ad8BAA6BEA59A2E4C0E.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 82E58BEBBC16489cA2EC2D86A68EF9A7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 46D0598F63C94c21B51849DE9D3BFB4F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 21532263C587431eB3FC5221759A8090.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 675D8B6F63C64c659803590BD517ADC5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\rvbbzy4y.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 30A33D633394455fA387D333F463B26D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9D975AEC74B94bf3AD0DBE5079468EAD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 24E214F6BFD1478394E9D1D1D03C6947.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EA8B0FC385E64c7e818BC0CE137FB1E0.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F1A9847BD1444c483E239377E9C3A89.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3hlswssf.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C418271973374b1f94B6AAF4C332568C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F679B05E5040453eA5736D5BB6753A77.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3EDAB8AF0E024222B7877EFF939497EA.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E57BE209E0134734B38A8CD204AF7EEF.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 57411F1975754dc2BC827FE9B18A7E37.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E59D6A0BCA7B42ba80A4C5937AF9DB37.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\wwpd542u.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3D8704E6497433489E5130B49D96F95.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C564FC217FBF4485A66105A7405D8BE7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 48337CB284814e8eAF57C5293CAE04A0.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73DD7E51212145a3B5DC4AF81CADD386.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5D068F4D2D044ed7A1E801F8B6668317.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C0F69C18AFA453a8CED62635293DDA4.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\zwyrcss0.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3F1BB0E8BFE40beA1DAF45D3D4CB24B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A0205EEA53445b2A88DD774CB9E8201.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98C32F017A234c8eABDD973C2BB8314A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8489CC40E974046B65753C56CD92E96.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver EC84E2E634024c47B685873B313500BC.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tke2vk2p.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7C8948981D024169B8365DF6EEA571A0.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2330232C3B40431a966FF40580DF1634.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 71D951AE98F246d3A62CCA32B040ED6A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 53EB6C71581346c0888E6DBE6C88739B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7241A7977CC640fbA8D85F03E801C921.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\jw1ss234.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E570CC5A5A714115B877E2FE030282A6.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C6AEFC9B6DA54d89BC13FEBCA84DC494.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2841737E9683494181BDDC1BD0089423.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 17FAFCA0F7294c96AC0096BEDF7C160F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 83DE7C9E25E64d58A2DFF94F4845BF5F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CFBEBD696B2241fcA7B6CF4C6C6DB967.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\lpdvtayz.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C40A297F812A42b095934B43C032236C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7798F0A32E9B42cb83BB9CC89865DD00.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3CB12D4DD4E8428fA35681DAE75EEE31.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BDAD1946235484986E538D8EE39EC96.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 17927CD909CA4b34AC127027D30226E7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 45E76DA91CC544c7A2E7260FF79EFFC6.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\tgd4d10r.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B52724C3F5EE43289EC71C12F9F54101.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 297C2E0A5EAB457e97C5017F32FE4965.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FE82078BE55D4c9bA1109B94580F1CCF.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F7B4589A09F546e2A3D2E6C56A476413.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CB146A1FA8204fdd87E5132E3648C4F2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nof0h121.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8A7599A9432040f09F56AA5099344AF3.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 41007318FCB9451fB2E9ADF462BE3355.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8EF9584DF2004756B7E9C86D5693D96F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 72D27A625E0245c08F6917F1B524780D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 0337B19E20804981A1EA8308AD000340.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\fjzpci5n.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver FF1AFD0EB26D489eAEFB828552145A08.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B8B3669CA3CA459b8729C688BD13534B.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4A5CC9CCF835432bAB1886C5C281DBF8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 61696EA1502E45679F1B2E5AB9B235F7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480515045.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 55D0F6E3B1124c949493601579F728A4.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8DA08CA23BD54bc6AE23EDE6671A1A61.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\bq1javhd.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B231536915524843BD0AD5953EBE3038.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\1480514981.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4E6476B6DA6C43e1807CD87E16B54979.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480514974.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\imprbeacons.dat.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131249885687911047.txt.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITDE8F.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\1480510079.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1480502882.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243289\1480502880.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BITB128.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\jiuea0v2.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1480502849.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\243292\1480502848.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A8D627D8978A4717AFADD60ABFCEF5BE.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\backgroundTaskHost.exe","C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131249641938915746.txt.~tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 154870D698BF40e9BDD726F8E08D944C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 98D445AEB6F6491cA65AB993E5408EB3.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2D7AC5824EAA4e5780609513F339AC1F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\nxrl1ulu.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver DB1B2722FB9D4cdb9B8F2016B52E8110.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 9E6E83C8EF57436dB1ABB517459C9574.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1A07EC7BD99742778CF92BB03DE59475.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4BE0B051226E422b9E1080D411450937.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\sfzbk5rk.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F2F9DA2E05B34c77B0ACA03F6FE1BB83.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4F252A4F1AA9400797637296B968EB1F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 8E94D0B73DA7428fBF591B3C9A287314.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 28B0BFC80DF04bb9963E2C1EC0194AF5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A9CCDDCA52744584882916515C54910A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 033864AA75D24bacA29EA882576CC064.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\mzioyfjf.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver AA06EF03F0D94fb7B15E57CE2ED6CFDD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 91FA298D00994acd9839CCFF22EDC266.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 73696B27598640a49CE8542DFF19376D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F3E7FE963471477aA0CCC41CC87A47A9.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 752C8869BCF040ed8EB29A110948A122.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver B60A1C5FDC4741278965FE3CDB720D5D.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\5ykrrb1y.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 894D0D3C0F644795AF31A607CC869437.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1AEBBCE48A86405489D102E9FCC6D89A.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6A5F1461B23446ed9D246C8E54614507.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D96C80A3ABF4c678CC08B5464AFFDB5.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 813141D516684e0fBA5BB9319F167381.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3765C932268A4a0c99454DAFFF9F9439.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\yu5zdbfm.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A9D7F196DB3C496dAAC2FBE90FD9A919.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3D4CD3A183EF4669A9FD984E09DA6D80.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\system32\svchost.exe","C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E691024742CD423f82D8ABBF83501059.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 60F3B4C2D7BC451e8812D24F89FCCEAB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\rlxapftm.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 00A938053ED542b58E2174285DDAD0FF.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 047373F30E0D4b7096DF641C2DFC8FB1.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CD4579A51E024d1c8F5975D3F3C3D2DB.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62AE0017A39642e58B68CD559BAAD04F.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 657D8824783A4941A5286EBA9D143AE3.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 4530EFE8B69845ce9AFC7B6513FE5978.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\ud11t2g3.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 62DF10CE8A0B4535898E4C1F2999820C.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 018B07FCDBA1448e8CC65664B1EC12AD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A3ABC96EBF3A4b8193319F4F710B01A0.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 86AD4917388F4ecaAE062379C402F431.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver BCBA33A110DE4b92A982ED25A041E9F4.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1F02D5A2EE2D4d80BE705F8FC3E462F2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\rhd3awkx.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2014D28C8BB14ca2BAE2BB8B864513BC.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 1C4E7EBDA051477cBFAF0D7DC42A89E7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 989EDDB422214e0d9687C23413B68A74.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 25F3290E26984db7BA01921163905342.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver F57E12EA390C404485FA232B71534BA2.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 5D316881E7E141eb81B2AE44564787DC.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\4z0bt0w5.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 7F27BC5660AF4feaA7DF14B387990C12.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver CEF36D17DD664db2922DB8F4C7975AB0.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\xml_error-troubleshooting_guide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\word_search.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\wine_industry_atg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\win08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\WHTI_final_rule_new.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\whistleblower_annual_report.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\whistleblowerfy09rtc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\whcs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\welcome_to_appeals_final_script.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\webets-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\webcbrs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\wb200529[1].pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\VWP-QuickReferenceGuide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Vietnamese_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\vc_appendix_f_schedule_2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\vc_appendix_f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\vc_appendix_e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\VASfactsheet_v12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\VAScontracts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\VASchecklist.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\van-ops.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\UVisas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us_uk_mou_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us_spain_agreement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us_japan_investment_bank.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us_ireland_caa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us_belgium_agreement_identifying_pensions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\uscert-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\usbelgium_limitationonbenefits_equipvalentbeneficiary101509.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us-swiss_pensions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\us-swiss_government_agreement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\url_chart_py2012_01202012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\urgent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\uk_qi_attachment_v3_2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\uk_competent_authority_agreement_10_5_06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_women_clinical_trials.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_women_clinical_research.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_protection_hs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_minorities_clinical_trials.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_minorities_clinical_research.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_glossary.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_dsm_plans.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tree_children_hs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\trdb-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\TravelTips forOlderAmericansRevisedJanuary2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\TravelingWithDisabilities_Oct_2010v2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\transaction_codes_pocket_guide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\trac-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tpc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tlcats-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\title31-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\TipsforDisabledTravelersDec2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\timing_sum07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\timing_sum06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\timing_fall08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\timeline_NIH_transitions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Thai_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\testimony_wm_oversight_returnpreparers.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\testimony_sfc_ponzi_offshore.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\testimony_house_oversight_comm_4-19-2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\testimony_house_oversight_aca_080212.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\testimony-written-sfc_subcomm-idt-5-25-2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tege-07-0909-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tech_guid_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tech_guid_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tebstatenewsletterjan2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9503.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9501.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9496_final_reg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9486_indoor_tanning_services.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9375.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9300.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td_9237.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td9523.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td9454.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td9304.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td9264.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td9075.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td8843.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td8818.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\td-9559.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tc_and_stcb_q-a._09-07-10_1.5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tbor2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tax_gap_map_2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\taxchary.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tasis-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tas02obj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tamis-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Tagalog_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\tab_fact_sheet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\s_corp_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\switzerlandweb-rev_november_2002.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\swedenweb-rev_december_20021.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\swcc1-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\summary_of_methods_tax_gap_2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sum08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\students_cword_puzzle_090809.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\structured_settlement_factoring.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\statsamplingidd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ssa_irs_reporter_winter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ssa_irs_reporter_summer_sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ssa_irs_reporter_summer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ssa_irs_reporter_spring.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ss8icp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\srs2-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\spr10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\spr08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\spectrm-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Spanish_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\soi-dps-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sm_bus_hubzone_expo_dc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\small_business_health_care_tax_credit_scenarios.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sl_local_contacts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\SIV_Resettlement_Benefits_Election_Form_2010_(English).pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\SIV-Iraqi-USG-Guidelines-and-DS-157-Instructions-English.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sitlp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\simple_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\simple_fixit_guide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sia-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\SF424_RR_Guide_General_Adobe_VerA.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sep_phoneforum_handout.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sep_checklist.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\seaeqrel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\seaeq040401.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\se200132.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sdc_survey_2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\scrips-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\scp_cap_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\scp_cap_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\schedule-utp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sbse-04-0911-083.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\savings_retirement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sarsep_fixit_guide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sams-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sampling.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sample_2040-h.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sample_ article_ 28_ statement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\samplertrpquestions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sampleprogramdescriptions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\sampleevaluationform.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Russian_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rtts_deck.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rtrptestspecifications.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rtrpcandidateinfobulletin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rtrak-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rtr-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rspcc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr99-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr99-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr98-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr94_16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr75-038.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr67_284.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr59_354.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr2004_6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr2000-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr02-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr02-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-99-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-98-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-2010-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-2005-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-2004-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-12-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-11-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-10-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-09-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-08-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-07-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-06-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-05-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-87.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-112.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-111.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-110.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-109.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-107.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-102.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-04-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-96.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-90.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-48_.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-26_.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-126.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-125.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-124.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-122.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-119.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-118.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-116.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-115.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-114.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-112.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-110.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-109.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-108.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-107.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-105.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-104.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-102.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-03-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-02-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-01-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rr-00-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp_2005-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp_1990-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rps-pm-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp99-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp99-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp99-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp9841w6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp98-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp97-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp97-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp97-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp96-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp96-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp94-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp92-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp90-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp88-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp84_36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp2011_15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp2007_27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp2001_15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp2000-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp2000-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp08_50_topical_index.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp02-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp02-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp00-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp00-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-99-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-98-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-2010-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-12-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-11-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-10-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-09-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-08-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-72.doc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 3AE29A84E16B4a87A0E42552FFD73135.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-18_.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-07-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-06-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-05-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 88B645D703FD4a74A8EAB885C9C4CA28.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-24_.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-04-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-03-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-02-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-01-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rp-00-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\roth_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\roth_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\roth_ira_news_release.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\roth_differences.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rollover_chart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rne_sum08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rne_fall08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rne_fall07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ritsema.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rics-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rics-cda-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rgs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rev_proc_2008-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rev_proc_2007-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rev_proc_2003-36_fixed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Revised Tech Instructions Phys Mental Substance Disorders - June2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Review_Criteria_at_a_glance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rev._proc._2008-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rev._proc._2005-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Returning Resident - May2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\RetiringAbroadNovember2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\retirement_savings_fact_sheet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\restatment_mex_llc_map_12_22_05_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\request_ep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\RequestforLegalAssistance2012bilingual.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\RequestforLegalAssistance2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\report2-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\report1-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reissuance_soft_contact_letter_-_internet_version_042012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reissuance_lesson_042012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg_416-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg_40108_08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg_157714_06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg_133223_08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\registration_handout.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\registration_flow_chart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg-136596-07_anprm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg-130266-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg-119632-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg-116284-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reg-113770-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\refusalratelanguage.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\reforest.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Reed_Letter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\redactedfinaliddgovernmentsettlementinitiative__2_.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\recommendations2003.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ReadingOrder-French.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ReadingOrder-Chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rccms-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rc2005atg2irsgovrepublished1_2008.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\rbss-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ra_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ra_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qtdpcredits.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qtdg_cpp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qi_trust_attachment_revised_5a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qi_directivefinalac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachspain.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachsingapore.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachment_cyprus_kyc_rev2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachkorea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachitaly.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachgreecerevaug2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachgibraltar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachgermany.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachchile.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachcanada.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qiattachargentina.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\qeprefguide10-01-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pub4744.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pub1976.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ptin-tpps-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pt-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ps_responsibilities.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\providerstandards.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\PrivateInfoOrBioSpecimensDecisionChart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\PrivacyActWaiverForm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\PrintingOrder-Chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Pre-Cert-Form.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ppt_pptCard.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Post-Cert-Form.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Portuguese_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\portugal_kyc_revised_attachment_41707.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\port.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Polish_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\poc_summary_addendum_121708_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pmta-booster_club_11-24-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pmf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\plain_language_compliance_report_2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pl103-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\PI_Advice.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pioneer-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\PHSPolicyLabAnimals.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phs6031.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phs6031-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phs416-5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phs3734.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phs2271.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phoref-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phishing_email2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\phishing_email.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\PETUNJUK_PROGRAM_DV_2013_Ind.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\perwltes.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\penalty_policy_reiteration_7-10-03_debbie_nolan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\penalty_policy-larry_(12-20-01).pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pdf_fed_register_1_28_2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pc_lifecyclechart_090811.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\passport_fees_printable_2011_2_14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Pamphlet-Russian-Online-Reading-Version.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Pamphlet-Russian-Double-Sided-Printing-Version.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\pac-527.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p966sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p939.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p892.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p794.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p6961.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p6292.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p6187.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p600.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p595.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p594.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p534.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4991.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4900sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4900.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4894_ru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4894.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4854.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4849.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4845ru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4810.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4808sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4808.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4789.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4763sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4763.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4761.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4736.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4701.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4600.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4596.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4591vn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4591ru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4591kr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4591cn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4591.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4573.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4535.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4524.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4523esp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4513.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4492sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4492.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4482.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4407.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4393esp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4386.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346fvn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346fru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346fcn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346evn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346eru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346ekr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346ecn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346dvn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346dru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346dkr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346bvn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346bru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346bkr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346bcn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346avn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346aru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4346akr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4336.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4334.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4327.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4324.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4298.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4275.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4235.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4227.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4224.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4194esp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4167.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4165.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4141sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4141.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4134.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4128sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4128.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4053sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4019.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4--2000.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4--1999.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4--1998.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p4--1997.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3998.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3991.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3961.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3954ecn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p393.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3920.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3857.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3755.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3609.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3598.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3524vn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3524ru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3524kr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3524cn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3524.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3498a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3383.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3382.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3381.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3380.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3379.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3376.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3223.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3114.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3067evn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3067esp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3067eru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3067ekr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3067ede.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3067ecn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--2005.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--2004.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--2003.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--2002.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--2001.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--2000.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--1999.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--1998.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--1997.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--1996.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p3--1995.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p216.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p2053a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1teb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1ep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1854.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1779.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1771.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1660sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1635.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1600sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1582.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1468.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1459.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1458.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1457.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1437.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1415e93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p141590.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1321.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1244.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1239.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1075_section10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1--2005.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1--2000.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1--1998.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\p1--1996.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_vt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_tax_gap_2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_ru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_kr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_fr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_en.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\overview_cn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ovdi_memo_use_of_discretion_3-1-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Outgoing_Stats2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\otsa-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Origin_and_Evolution.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\organization100.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\opa-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\olnr-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\OLAW_chart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\OER_main.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\oc_-_sept-mid_aca_cust_091710.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\obligations_form_d.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\obligations.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntfo-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntf-cssd-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_wmoversight_financiallystrugglingtaxpayers090226.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_waysandmeans_01202011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_taxgap_062811.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_senate_hsgac_092606.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_irsbudget_060811.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_idtheft_062812.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_idtheft_050812.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_idtheft_032012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_housewm_amt030707.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_testimony_houseapprops_030507_v7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_small_business_comm._testimony_v4_single.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_sfc_testimony_tax_gap062104.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_sfc_062104_appendix_a_abusiveschemesfinal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_senbudget_taxgap_021506.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nta_housebudget_testimony_021607.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntawrittentestimonyfc052305amt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimony_wm_oversight_econstim_061908.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimony_housesmallbusiness_041311.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonytaxgap102605.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonysfc_tax_return_preparation_process040406.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonysfc_filingseason041510.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonysfctax_gap072606.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonysenateapprop042706.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonyhouse_approps03906.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonyhousesmallbiz040506.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ntatestimonyfinanceidtheft041008.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\NRSA_Stipend_History_Graph.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nrf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\npc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nov._ea2a1111_for_posting.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_2011-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_2009-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_2009-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_2005-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_2003-81_cip_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_2001-661.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice_1036.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice3336.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice2001_57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\notice2001_56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not98-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\not97-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nonbank_trustee_list.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\NIH_eSubmission_SmBus_Tips.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\new-ways.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\netherlands_antillesweb-rev_november_2002.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nds-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\nap-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n99-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n931.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n844.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n797.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n746sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n746.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n609.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n210.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n2011_23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n2011_20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n2006_96.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n2006-110.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n1400.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n1374.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n1219b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n1219a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n1036.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n1015.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-99-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-98-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2011-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2010-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2006-83_chapter_11_debtors.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2005-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2005-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2005-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2005-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2000-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-2000-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-12-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-96.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-87.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-101.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-100.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-11-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-90.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-89.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-87.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-10-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-96.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-90.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-89.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-87.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-09-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-96.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-95.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-90.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-87.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-115.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-113.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-112.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-111.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-110.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-109.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-108.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-107.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-105.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-104.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-102.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-100.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-08-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-90.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-89.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-101.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-100.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-07-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-96.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-95.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-89.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-87.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-85.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-83.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-110.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-109.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-108.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-107.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-105.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-101.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-100.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-06-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-95.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-93.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-92.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-91.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-90.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-89.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-88.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-86.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-101.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-05-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-84.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-17..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-04-007.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03_53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-78.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-71.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-63.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-55.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-54.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-53.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-03-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-80.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-77.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-75.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-74.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-72.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-70.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-64.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-58.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-02-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-82.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-81.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-76.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-73.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-69.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-68.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-67.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-61.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-59.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\02sspjkx.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-57.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-35.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-01-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-60.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-43a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\n-00-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\multi_er.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\multi-gateway_files_dec_2011_english_fy12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mrs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mod-iein-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mlms-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mits28-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\misdw-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ministers.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\min-waiv-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\miller-20mar2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\miller-04nov2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mexico_map.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\memo_initiatives.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\memorandum_on_sbse_lmsb_offshore_examination_cases.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\memorandum_on_routing_of_voluntary_disclosure_cases.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\memo1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\membership_balance_plan_irpac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mef-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\meds-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\medr-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\mazur.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\matching.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lwis-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lvyirm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\luxembourg_lates_attachment2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\long_term_measures.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\loans_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\loans_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lmsb_sbse_memorandum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lmsb_agrt_form_3-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lmsb-swc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lmsb-dcs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\litc_nrp_2-3-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\linus-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\limo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lilo_2003-10-16.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\life_mou_041220061.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\liechtenstein_latest_attachment.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\letter_to_peer_reviewers.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lbiorgchart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\lbi-20-0211-001.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\law103-173.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\labor_lifecyclechart_090811.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\labels.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\kyc__hungary.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\k1024.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\joint_board_faq.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\joc-ndc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\jitsic-finalmou.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\jeopirm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\japanes_investment_trust_management_companies.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Japanese_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw9sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw8imy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw8exp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw8eci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw8ben.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw7sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw3ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw3pr_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw3pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw3cpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver E72E8C58A2CE4ed08C34B59C9C82BEEE.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw2w3_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw2w3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw2g_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iw2g.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\itin-rts-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Italian_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\it.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iss4pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\iss4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\isrp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\isdm-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irs_org_chart_2012_.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irs_foia_guide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irs_advancing_e-file_study_phase_2_report_executive_summary.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irs_advancing_e-file_study_phase_1_executive_summary_v1_3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irsvtc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irsac_membership_balance_plan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irsac_application_2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irsac_2011_renewal_charter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irs2001.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irs2000.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irpac_2011_renewal_charter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irm5.8.5.5.1_incomeproducing_assets.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irdm-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irc7871.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb_ann_of_initiative.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb99-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb98-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-22.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-20.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb96-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb2001-5.012901..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb1999-12.032299..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb1998-39.092898..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb1998-06.020998..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb12-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb12-07.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb12-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb11-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb11-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb11-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb10-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb10-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb10-10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb10-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb09-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb09-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb09-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-06.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb06-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-49.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C5589393B6DF4a0fA95DC3BA174554DD.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-39.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-30.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-21.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb05-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-48.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-47.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-46.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-43.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-38.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-29.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-28.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-26.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-25.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-19.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-17.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb04-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb03-36.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb03-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb03-04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb02-42.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb02-34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb02-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\irb02-02.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir02-123.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir01-108.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_t_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_hindi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_german.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-2011-14_farsi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-12-32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-12-058.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-09-84_vt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-09-84_ru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-09-84_kr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-09-84_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-09-84_cn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-09-84sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-05-020.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-05-015.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-03-37.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-03-116.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-03-104.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-02-99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-02-18.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ir-00-79.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ipu_cpr-os-10-1210-1757.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ipm-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Introduction of the ESTA fee for Visa Waiver Travelers - August2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\intl-nsa-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\internetfielddirective072808.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\international_support.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\international_qa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\International_Child_Abduction_Remedies_Act.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\internal_directive.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\interim_guidance_memo_for_offer_in_compromise.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\intell-property_64FR72090.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\instructions-for-schedule-utp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\inplan_roth_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\inplan_roth_phoneforum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Inheritances & Money Laundering pagewoclearances.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\infoqualityguidelines.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Incoming_Stats2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\imsi-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\imf_pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ig_wo_memo_03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ig_wo_02_combined.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ig_wo-25-0612-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ifs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ids-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\idrs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\idrattachmentrev120908.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\idd965final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\idd2sccm20090916ouo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ict1x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ict1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\icspintegstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ics-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ice-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\icdiscauditguide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ibsarl-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ibmis-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i990bl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i9465sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i9465fsp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i9465fs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i9465.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i945x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i945.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i944xsp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i944xpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i944x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i944ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i944sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i944.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i943xpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i943x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i943pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i943.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941xpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941sb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941prb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i941.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i940pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i940.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i926.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8955ssa_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8955ssa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8952.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8942.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8941.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8940.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8939.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8938.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8937.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8935.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8930.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8928.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8926.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8921.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8918.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8915.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8913.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8912.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8910.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8903.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8902.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8898.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8889.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8886t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8886.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8883.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8873.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8872.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8871.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8866.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8865.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8863.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8858.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8857sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8857.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8854.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8853.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8850.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8839.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8835.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8829.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8828.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8824.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8804w.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8804sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8804c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8804.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8802.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8801.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8734.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8697.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8621a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8621.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8615.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8609a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8609.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8606.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8606--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8594.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8582cr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8582.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i843.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8379.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8288.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8283.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8275r.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8275.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8233.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8082.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8038tc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8038t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8038g.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8038cp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8038b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8038.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8027.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i8023.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i720to.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i720cs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i720.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i709.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706qdt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706na_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706na.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706gst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706gsd1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706gsd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706d.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i706a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i7004.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i6251.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i6198.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5735.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5713.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5500sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5500ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5498e_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5498e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5471.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5405.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5330.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5329.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5310a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5310.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5307.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5300q.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5300.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i5227.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4797.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4768.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4720.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4684.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4684--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4626.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4562.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4506a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i4136.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i3921.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i3800.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i3520a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i3520.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i3468.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i3115.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2848sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2848.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2555ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2555.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2553.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2441.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2290_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2290sp_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2290sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2290fr_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2290fr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2290.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2220.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2210f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2210.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i2106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1139.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1128.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1125e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120w.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120utp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120utp--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120ssd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120ss3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120sph.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120so.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120sm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120ric.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120rei.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120pm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120pc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120nd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120lm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120l.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120icd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120h.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fsc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120fh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1120.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1118sk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1118sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1118.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1116.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099s_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099sa_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099r_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099r.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099q_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099q.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099ptr_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099ptr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099msc_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099msc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099ltc_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099ltc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099k.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099int_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099int.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099h_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099h.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099g_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099gi_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099gi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099g.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099div_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099div.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099cap_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099cap.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099b_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099ac_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1099ac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1098_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1098et_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1098et.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1098c_09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1098c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1098.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1097btc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1066.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1065x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1065sm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1065sk1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1065sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1065sc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1065bsk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1045.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1042s_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1042s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1042.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1041sk1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1041si.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1041sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1041n.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040tt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sse.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040se.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040sc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040prh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040nre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1040c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1028.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\i1023.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hybridplans_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hybridplans_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hum_anim_notice.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\human_social_cost.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\human_embryonic_stem_cells.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Human Rights Related Ineligibilites - June2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hqep-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hqeo-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ho.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Hindi_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hhs568.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hctc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hairtrac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Hacked Email, Real Estate Scams, Otherswoclearances.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\hacienda_cheque_de_la_conformidad_espanol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Guide_addendum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\guidance_regarding_us-japan_treaty1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\guidance_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Guidance_on_L_Visas_and_Specialized_Knowledge-Jan2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\guf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Greek_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\greeceweb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\GrantsGov_reg_process_flow_chart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Grantee_Registration_Process_for_Commons.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\governance_training_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\governance_practices.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\governance_course_outline_cpe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\gmf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\german_pension_fund_map_2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\georgetown_04192011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\gentrda.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\gentrac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\general_faqs_012006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\General_Conventional Processing.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy_2012_teb_workplan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy_2012_itg_work_plan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy_2011_teb_workplan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy_2010_teb_workplan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy_2009_workplan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy2012_fslg_work_plan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy2012_eo_work_plan_2011_annrpt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fy2011_annual_report.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FY2007.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FY2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FY2005_NIV_Detail_Table.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FY2004_NIV_Detail_Table.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FY2003_NIV_Detail_Table.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FY06NIVDetailTable.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw9_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw9s_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw9sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw9sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw9s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8imy_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8imy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8exp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8exp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8eci_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8eci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8ce_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8ce.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8ben_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8ben.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw8ben--dft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7coa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw7.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4v_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4v.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4s_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4sp_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4s12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4p_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4p12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4p.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw412_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3ss_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3ss12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3ss11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3pr_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3pr11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3cpr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3cpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw312_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw311_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2vi_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2vi11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2vi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2g_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2gu_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2gu12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2gu11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2gu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2g12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2g11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2g.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2as_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2as12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw2as.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw12.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw11sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw11sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw10_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fw10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\futa-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\funding_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\funding_based_benefit_restrictions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ft_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ftd-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss8_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss8pr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss8pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss5sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss4_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss4pr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss4pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fss16_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fsrp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fslg_fy11_work_plan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fsad-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fs-2011-11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fs-02-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fr_20040115.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\French_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\free_file_faqs_2012_rev._5_2012_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fplp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\forum11_goldilocks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\forum11_compliance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\forum10_roth_conversions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\forum09_sep_pitfalls.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\forum08_choices.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\forum08_401k.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form_w-7-coa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form_906.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form_866.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\formw8benentityexeccirculation2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form870.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form4564_9-2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form4564.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form2848_example.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form13751.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\form13750.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\foodtrda.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\foodtrac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fmis-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Flow_chart-ACT_only.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fire-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\final_us-jp_ca_mou_investment_bank_12-27-05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\final_mou_corssreferencing_press_release.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\final_map_on_llc_8-26-2005_signed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\final_eitc_initiatives_report_final_121708.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\finalntawrittentestimony2005jointrra98reviewhearing.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fims-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\field_directive_stat_judge_research_credit_cases.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\field_directive_samp_method_research_credit_cases.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\field_directive_dated_june_20_2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc110.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc109a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc109.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc107.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc105.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc104.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc103.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc102a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ffc101a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fed_reg_peer_rev_20040115.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Federal Register Notice.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fct2_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fct2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fct1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fct1x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fct1x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fct1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fcoi_final_rule.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\fbar_consent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Farsi_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\FAQs_on_incomin_cases.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\faqs_for_tax_forms_102510.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\faqs_eo_selectcheck.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\factoring_of_receivables_atg_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\facebook_r-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990w.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sr1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990so.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sn1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sl_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sk_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sj1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990si1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990si.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sg_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990se_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990se.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990partvi_instructions2008.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990partvi2008.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990ezb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990bl_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f990bl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f982_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f982.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f976_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f976.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f973_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f973.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f972_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f972.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f970_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f970.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9661.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f966.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f952_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f952.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9517e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465fs_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465fsp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465fs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9465.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f945_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f945x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f945x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f945a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9452.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f945.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944xsp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944xsp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944xpr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944xpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944ss_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f944.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943xpr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943xpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943pr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943apr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943apr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f943.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9423.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941xpr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941xpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sb_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sbp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941sb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941pr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941prb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f941.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940sr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940sr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940pra.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f940.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9325_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9325.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f926_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f926.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f921_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f921p.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f921i.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f921a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f921.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f9155.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f911_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f911.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f907.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f90221_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f90221.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8955ssa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8952_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8952.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8949_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8949.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8949--dft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8948_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8948.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8947_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8947.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8946_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8946.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8945_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8945.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8944_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8944.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8942_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8942.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8941_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8941.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8940_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8940.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8939.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8938_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8938.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8937_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8937.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8936_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8936.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8935_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8935t_accessible..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8935t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8935.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8933_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8933.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8932_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8932.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8931_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8931.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8930_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8930.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8928_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8928.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8927.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8926_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8926.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8925_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8925.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8924_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8924.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8923_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8923.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8921_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8921.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8919_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8919.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8918_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8918.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8917_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8917.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8916_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8916a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8916a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8916.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8915.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8914.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8913_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8912_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8912.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8911_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8911.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8910_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8910.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8909_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8909.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8908_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8908.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8907_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8907.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8906_2011-00-00--acc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8906.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8905_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8905.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8903.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8902_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8902.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8900_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8900.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8899_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8899.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8898_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8898.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8896_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8896.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8895_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8894_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8894.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8893_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8893.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8892_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8892.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8891.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8889_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8889.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8888_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8888.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8888--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8886_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8886t_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8886t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8886.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8885_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8885.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8883_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8883.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8882_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8882.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8881_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8881.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8880_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8880.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879s_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879pe_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879pe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879i.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879f_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879ex_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879ex.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879eo_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879eo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8879-i-2011-00-00--acc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8878_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8878sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8878a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8878a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8878.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8877_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8876_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8876.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8875_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8875.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8874_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8874b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8874b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8874a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8874a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8874.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8873_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8873.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8872_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8872.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8871_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8870.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f886hfth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f886haoc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8869_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8869.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8868_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8868.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8867_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8867.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8866_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8866.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865so_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865so.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865sk1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865sk1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8865.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8864_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8864.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8863_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8863.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8862_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8862sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8862sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8862.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8861_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8859_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8859.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8858_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8858sm_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8858sm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8858.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8857_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8857sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8857sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8857.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver A51E4D5DE1DA4036A9019F9E8E7FA897.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8855_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8855.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8854_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8854.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8853_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8853.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8851_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8851.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8850_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8850.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s6_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s6.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s5_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s3_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s2_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849s1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8849.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8848_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8848.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8847_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8847.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8846_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8846.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8845.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8844_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8844.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8843_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8843.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8842_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8842.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8840_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8840.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8839_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8839.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8839--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8838_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8838.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8836_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8835_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8835.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8834_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8834.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8833_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8833.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8832_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8832.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8831_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8831.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8829_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8829.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8828_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8828.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8827_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8827.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8826_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8826.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8825_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8825.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8824_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8824.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 2A052EDAE1B0478f968D78CD0B8517D4.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8823_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8823.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8822_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8822b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8822b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8822.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8821_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8821.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8820_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8820.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8819_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8819.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8818.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8816_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8816.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8815_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8815.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8814_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8814.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8813_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8813.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8812_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8812.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8811_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8811.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8810_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8810.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8809_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8809.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8806_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8806.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8805_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8805.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804w_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804w.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8804.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8802_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8802.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8801_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8801.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8796a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8752_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8752.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8736_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8734_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8734.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f872ovdi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8725_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8725.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f872-ovdp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8718_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8718.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8717_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8717.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8716_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8716.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8703_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8703.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8697_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8697.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8693_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8693.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8689_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8689.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8655_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8655.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8654_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8654.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8653_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8653.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8633_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8633.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8621_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8621a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8621a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8621.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8615_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8615.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8613_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8613.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8612_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8612.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8611_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8611.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8610_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8610sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8610sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8610.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8609_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8609sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8609a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8609a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8609.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8606_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8606.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8606--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8596_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8596a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8596a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8596.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8594_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8594.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8586_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8586.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8582_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8582cr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8582cr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8582.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8569.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8554_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8554ep_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8554ep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8554.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8546_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8546.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f851_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f851.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8508.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8498.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453s_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453pe_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453pe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453i_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453i.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453f_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453ex_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453ex.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453eo_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453eo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8453.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f843_accessible.pdf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f843.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8404_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8404.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8396_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8396.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8379_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8379.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8332_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8332.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8330_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8330.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8329_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8329.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8328_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8328.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8316_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8316.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8308_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8308.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8302_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8302.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8300_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8300sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8300sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8300.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8288_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8288b_accessible.pdf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8288b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8288a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8288a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8288.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8283_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8283v_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8283v.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8283.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8282_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8282.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8281_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8281.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8275_accessibile.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8275r_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8275.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8274_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8274.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8271_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8233_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8233.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8160t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8082_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8082.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8050_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8050.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038t_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038tc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038tc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038r_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038r.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038g_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038gc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038gc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038g.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038cp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038cp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8038.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8027t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8027.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8023_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f8023.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f730_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f730.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720to_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720to.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720cs_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720cs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f720.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f712_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f712.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706qdt_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706na_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706na.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706gst_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706gst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706gsd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706gsd1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706gsd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706d_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706d.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706ce_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706ce.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f706a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f7004_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f7004.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6781.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6765_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6765.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f673_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6729.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6627_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6627.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f656ppv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f656a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f656.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6559.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6497_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6497.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6478_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6478.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6467.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6466.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f637_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f637.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6317pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6252_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6252.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6251_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6251.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6198.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6197_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6197.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6118_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6118.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6112_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6088_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6088.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6069_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f6069.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5884_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5884c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5884b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5884b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5884a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5884.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5768_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5754_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5754.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5753_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5735_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5735sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713sc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713sc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713sb_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713sb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5713.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5712_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5712a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5701.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f56_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f56f_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f56f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5695_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5695.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5578_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5558_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5558.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5500ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5500.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498sa12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498sa._11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498e_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498esa12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498esa11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5498.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5495_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5472_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5472.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471so_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471so.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471sn_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471sm_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471sm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471sj_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5471.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5452.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5434a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5434.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5405_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5405.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5330_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5330.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5329_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5329.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5316_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5316.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5310a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5310a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5310.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5309_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5309.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5308_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5308.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5306_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5306a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5306a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5306.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305s_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305sim_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305sim.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305sep_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305sep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305r_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305rb_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305rb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305ra_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305ra.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305r.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305e_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305ea_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305ea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305ase_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305ase.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5305.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5304sim_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5304sim.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5300sq_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5300q.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5300--2001.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5227_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5227.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5213_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5213.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5129.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5074_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f5074.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4996.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4977.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4972_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4972.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4970_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4970.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4952_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4952.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4913.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4876a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4876a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4868sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4868.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4852_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4852.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4835_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4835.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4810_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4797_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4797.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4768_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4768.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4720_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4684_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4684.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4670.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4669.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4626_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4626.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4563_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4563.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4562_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4562.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506t_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506tez_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506tezsp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506tez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506tez--2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506tes.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506t--2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4506--2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4466_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4466.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4461_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4461b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4461b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4461.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4422.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4421.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4419_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4419.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4361_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4361.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f433f_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f433f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f433boi_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f433boi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f433b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f433aoi_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4255_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4255.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4137_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4137.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4136_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4136.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4070_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4029_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f4029.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3949a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3949a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3922_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3922.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3921_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3921.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3911_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3911sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3911.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3903_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3903.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3800_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3800.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3520_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3520a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3520a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3520.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3491_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3491.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3468_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3468.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3115_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f3115.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2848_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2848sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2848sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2848ovdi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2848.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2848-ovdp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2758_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2678_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2678.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2555ez_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2555ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2555.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2553_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2553.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2441_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2441.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2439_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2439.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2438_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2438.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f23_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f23ep_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f23ep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2350.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f23.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290sp_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290fr_10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290fr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2290.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2220_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2220.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2210_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2210f_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2210f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2210.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2120_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2120.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f211a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2106_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2106ez_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2106ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2063_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2063.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2032_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f2032.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14411.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14364.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14335.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14310.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14242.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14204.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14199.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14157a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14157.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14135.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14134.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14039_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14039sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14039sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14039.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14017_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f14017.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13981.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13980.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13979.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13978.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13976.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13930.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13896.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13844_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13844sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13815_accessible..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13803.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13780.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13776_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13775.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13768.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13751.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13750.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13748.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13715.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13711_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13711.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13691es.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13690es.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13657.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13656.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1363_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13632.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1363.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13615pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13615.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13614nr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13614k.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13614cp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13599.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13586a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13586.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13551_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424k.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424j.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424i.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13424a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13325.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13324.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13321.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13315.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13287.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13206.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1310_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1310.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f13072.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12509_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12508_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12507.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12474a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12451.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12339c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12339b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12339a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12339.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12277.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12256.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12203.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12153_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12153sp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12153sp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12153.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f12009.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f11c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f11c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1139_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1139.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1138_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1138.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1128.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1127_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1127a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1127a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1127.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1125e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1125a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1122_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1122.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120_schedule_m-3--2011-00-00--acc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120w.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120utp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120utp--2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120s_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ssm3_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ssk_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ssk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ssd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ssd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sph_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sph.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120so_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120so.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sn_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sh_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sg_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sf_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sb_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120sb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ric.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120rei.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120pol_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120pol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120pm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120pc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120pcsm3_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120pc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120nd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120nd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120l_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120lsm3_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120ls3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120l.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120idq_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120idq.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120idp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120idp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120idk_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120idk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120icd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120icd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120h_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120h.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fv_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fs_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fsp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fsp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fsc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fp_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fm3_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fm1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fm1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120fh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120f.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120-f_schedule_i--2011-00-00--acc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1120-f_schedule_h--2011-00-00--acc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118sk_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118sk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118sj_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118si_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1118s1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1117_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1116_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1116.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099s_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099sa_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099sa12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099sa11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099s12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099s11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099r_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099r11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099r.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099r--2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099q_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099q_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099q11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099q.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099ptr_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099ptr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099p12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099p11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099oid_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099oid_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099oid.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099o11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099msc_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099msc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099m11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099ltc_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099ltc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099l12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099l11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099k_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099k.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099int_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099int_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099int.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099i11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099h_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099h12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099h11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099h.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099g_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099g_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099g11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099g.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099div_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099div_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099div.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099d11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099c_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099c_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099cap_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099cap_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099cap11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099cap.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099c11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099b_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099b11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099a_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099a12_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099a11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1099a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098t_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098t_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098t11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098ma11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098ma.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098e_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098e_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098e11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098e.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098c_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098c11_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f109812_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f109811_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1098-c--2012-00-00--acc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1097btc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1097btc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1096_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f109612_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f109611_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1096.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1066_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1066sq_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1066sq.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1066.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sm3_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sm3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sk1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sk1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sd1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sd1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sb1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065sb1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065b_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065bsk_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1065bsk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1045_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1045.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042t_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042s_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042s_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042s.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1042.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041v_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041v.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041t_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041t.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041sk1_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041sk1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041sj_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041si.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041sd1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041qft_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041qft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041n_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041n.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041es_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041es.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1041.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040x_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040x.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040v_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040v.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sse_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sse.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040ss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sj_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sh_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sf_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040se_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sei_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sei.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040se.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sd_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sd1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sd--dft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sc_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sce_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sce.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sb_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sa_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040sa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040prh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040pr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040nr_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040nre_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040nre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040nr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040ez_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040ezt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040ez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040es_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040esp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040esn_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040esn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040es.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040c.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040a_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1040.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1028_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1028.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1000_accessible.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\f1000.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ex_parte_final_script.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ex_parte_custody_orders.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\exfirs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\exemptorg-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\executive_summary_actgovernancerept.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Executive_Order_13356.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Executive_Order_13354.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ExchangeVisitorVisaUpdate-April2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\evolution_of_the_office_of_the_taxpayer_advocate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eval_dl_program.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eval_benefits_restrictions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eval_403b_issues.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eval_401k_questionnaire.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\etrak_whistleblower-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\etrakcc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\etrak-vets-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ethics_phoneforum_transcriipt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ethics_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eta_mdb-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\etaras-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\estoniaweb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_tar5_100810.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_tar4_022310.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_tar3_120909.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_tar2_110309.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_tar1_110309.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_dl_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\esop_dl_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ers-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eris-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ercs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eqrs_f-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eqrsc-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eqrs-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ep_org_chart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\epwrkpln_11.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eptt_pr012304.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eptt_neonatology.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eps-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\epmf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\epcrs_plancorrection_phoneforum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\epcrs_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\epcrs_phoneforum_correction.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eo_regs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eo_org_chart_04_2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eo_mef_faqs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eo_determ_gov_cpe_ppt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eo_determs_governance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eo_code_provisions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eounrel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicp99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicp97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicp00.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopico00.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicn99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicm99.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicg97.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eotopicg01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eorevenueprocedures.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eoe-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Envelope_Address_Example.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ensb_sample.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\emtrac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ems-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info_SAA.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info_MEX.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info_MEP.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info_CDJ.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-MTL.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-LMA.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-KBL.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-GUZ.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-DMS.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-BGH.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-ATH.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-AMM.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Embassy_Specific_Info-AKD.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\elf-r-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\election_year_phone_forum_slides.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\elec-mftra-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eitc_effectiveness.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eip-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eia-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ehr_qa_062007.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ehrdirective.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\efpps-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\effective_with_the_2013_enrollment_examination2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\efds-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eemeals.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eds-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\edims-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea_program_booklet_jan_2012.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\eauth-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\earp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\early_distributions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea2b_2008_exam_jb_revised.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea2b_0510_revised.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea2a_1109_for_jb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea2a_1107_for_joint_board_pdf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea2a2010_for_posting.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea10510_for_jb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea-2b_0509.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea-1_spring_2008_pdf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ea-1_0509.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\e-trak_vdp-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\e-services-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_ukr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_Instructions_Turkish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_instructions_Romanian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 494CA31D4ECB4c678906D734966AAFB7.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_instructions_Latv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_Instructions_Hung.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_instructions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DV_2013_French_Instructions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\dutch_lfma_map.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\dutch_certification_pensions_agreement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\dubai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\dual_nationality.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DS-3013.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DS-0158.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\DS-0064.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\draft_w-2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\draft_lrm_403b_prototypes.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\domesticproductionidd2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\doc7394.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\dlse-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\dlom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\distributions_phoneforum_handout.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\determ_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\determination_phoneforum_handout.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\depdb-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\das_bond_remarks_at_may_2009_symposium_on_ipca_and_japan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ctw-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\crits-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Creole_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\creb_2007_disclosure.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\crd-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cr-tac-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp_qa_06-10_1.3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp959_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp90c_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp88_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp774_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp773_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp772_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp771_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp759_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp749_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp722_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp721_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71d_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71c_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp71a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp714_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp713_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp712_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp711_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp63_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp62_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp623_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp621_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp60_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp604_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp604b_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp603_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp601_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp59_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp59_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp59_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp59_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp59_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp59_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp567_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp567_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp566_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp566_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp565_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp565_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp53_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp53_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp53_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp53_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp53_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp53_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp523_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp523_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp523_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp523_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp523_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp523_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp521_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp521_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp521_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp521_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp521_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp521_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp51c_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp51b_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp51a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504b_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504b_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504b_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504b_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504b_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp504b_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp503_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp503_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp503_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp503_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver 6852750AED8942d0B53E9473801DED78.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp503_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp503_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp501_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp501_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp501_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp501_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp501_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp501_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp49_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp49_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp49_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp49_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp49_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp49_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp45_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp45_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp45_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp45_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp45_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp45_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp42_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp39_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp32_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp32a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp31_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp31_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp31_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp31_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp31_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp31_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp30_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp30a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp297c_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp27_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp276b_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp276b_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp276b_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp276b_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp276b_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp276b_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp25_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259h_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259g_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259f_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259e_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259d_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259c_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259b_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp259a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp2501_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp24_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp24e_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp23_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp22a_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp22a_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp22a_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp22a_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp22a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp22a_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp21b_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp21b_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp21b_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp21b_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp21b_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp21b_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp20_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp2057_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp2006_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp2005_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp19_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp181_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp180_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp178_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp178_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp178_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp178_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp178_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp178_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp16_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp166_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp166_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp166_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp166_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp166_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp166_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp14i_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp13_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp13r_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp13m_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp13a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp130_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp130_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp130_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp130_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp130_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp130_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12r_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12m_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12e_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp12a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp120a_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp11_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp11_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp11_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp11_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp11_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp11_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp10_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp10_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp10_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp10_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp10_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp10_chinese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp09_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp08_vietnamese.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp08_spanish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp08_russian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp08_korean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp08_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp04_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cp01h_english.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\counselorgchart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\counsellmsborgchart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\counselcorporgchart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cost_capturing_approaches_2004-05-24.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\corecomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coreblox.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\core4me.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cordreco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cordova_telephone.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cordiaip.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\corcodec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\corcc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\corbcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copysales.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Copyright_Law_Administration.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Copyright_Alliance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copyright-owners.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copyprint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copypaste.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copvalsl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coproinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coppointjou.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coppercove.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copperas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copernus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\copccinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cooviinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cool_story.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coolcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cool-mini.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cookwkat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cookstar_llc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conwestr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convonet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convmae.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convltel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convexgr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convertro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convergs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convergint_tech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\convention_visitors.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conuptld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conunneb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conuniver.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conunite.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conui.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conuaus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conuanar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contxopt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ContractAppendixG.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ContractAppendixF.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ContractAppendixD.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ContractAppendixC.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ContractAppendixB.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contour.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contofemployeehealthcarecoverageatg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contingent_liabilities_cip.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contested_liabilities_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\content_spree.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\content_distrib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contents.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contentrule.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contenix_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\contast_professional.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Contact_Information.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consumt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consumjc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consumers_union.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consumerscooperativecreditunion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consulting_md.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Consular Notification Statement -- English.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Consular Convention Status of All Countries.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\construc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\constant_hosting.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\constantllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\constance_anderson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consoltc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consmrus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conslmem.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conslcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consland.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\consent_to_disclose_tax_information.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conroolc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conpup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conprogr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conopco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cononetele.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conoascca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\connw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\connstu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conner_legacy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conneigh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\connectria_corp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\connected.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\connec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conndatanet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\connacad.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CONMERENCE.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conmeded.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conmanin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conloygro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conloc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conlin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conldtco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conldtcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conldint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conincoc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conga.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conf_board.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\confre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conformal_systems.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\confirm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\confcomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conetrix.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conenza.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conectad.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\condydca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conduitusa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conduit.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\condiscover.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\condirec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\condesa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conctnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conctheo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concsmry.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concptsw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concordu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conconme.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concomco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conciric.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concierge.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concertwin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\conceiwl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\concave.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comwebrev.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comvir.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comutpth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comuntcn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comucf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comtube.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comtrain.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comtecnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comtechcars.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comteasslp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comsportnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comspdaz.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comsol_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comsol_ab.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comsnjuc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comsimllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comsftw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comser.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comrclsh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\computertyme.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\computersci_profs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\computer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compusei.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compucol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compu-tech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comptown.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comptgnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comptcnr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compresc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compmi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compmewo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\competent_authority.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compete.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compensatory_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compennsy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compeitc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comparison_of_review_criteria.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\company_line.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\compagnie_financiere.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comopsys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comonapp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comnetic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comncrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comncotc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\community_wireless.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\communitywalk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\communitypro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\communications.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\communat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commuisic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commtrct.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commtlc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commtel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commtechinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commstrg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commspace.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commresg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\committe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commedsf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commcollege.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commbalt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\commanly.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\command_trends.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coming_soon_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comimedl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comimed2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comforcamp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cometank.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comediva.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comdcllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comctcbl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcstcc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcops.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comconxt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcolt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcd516.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcastspot.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcastp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcastl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcastcableco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcassti.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcabcomm2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comcabcomm1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\combined_comm_corp_ok.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\combenpa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\combasx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\comadt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\columtc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colummet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\columbul.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colubar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colstunv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Colstudio.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colstsch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colstros.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colstcth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colstben.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colsports.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colsomd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colsoid.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colsmnry.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colrpgmt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colrginc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coloscmn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\color_labs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colorunivers.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colopol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colony1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cologuys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colocha.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colocat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colo4dal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colmusoc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colmtstv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colmtlco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colmtcol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colmbintu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collwstr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collview.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collrcpc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colloln.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collnoteshare.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collneti.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colligo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collegnj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\college_west_idaho.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\college_runway.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\college_rising_company.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\college_prowler.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\College_of_Imaging_Arts_Greg_Barnett.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collegeroar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collegeofsteliz.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\collacom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colknow.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colincmycb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colica.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colgo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colgloinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colgclub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colgateu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colencic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colejuan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colegtmm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colegnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colectfy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coldwtr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coldupag.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colctind.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colcll.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colbycol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colbsaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cola_table.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\colainc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coinstarinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coinfound.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coilsprg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cohnwolf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coheso.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cogrfoin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cogntvcp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cognprop.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cognitive_enhance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cognichk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cogentinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cogentcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CofMerid.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coexsyste.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coexist.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cody_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\codesour.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\codemobs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\codemed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\codeitcp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coda_lrm0106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\codas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cochlear.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coceve.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cocamell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cocacola.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cobusclb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cobropub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cobra2_di.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cobra1_di.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coblentz.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cobgrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coastsearch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coastlcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coassist.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coasnrlt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coachwrk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\coachnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnxcorpn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cntrnfos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cntrcvcp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cntnavan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cntlctol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnsmrsrh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnsltlco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnsldtco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnservers.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnlwinsd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnglrwls.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnetinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnctprsl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cncrdmdg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cnbcinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CNA_flow_chartFinal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CNApocketcard.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CNA Standard Operating Procedure.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CNA Fax Sheet_GuardianOrTrustee.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CNA Fax Sheet_DeathOrInjury.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\CNA Fax Sheet_ArrestOrDetention.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cm_productions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmykmaga.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmxsports.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cms_brokerage.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmpofsol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmpmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmphltcr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmntychl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmi_market.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmgdabhc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cmainet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clubtool.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clubgolf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clubfrgl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clsfdvnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clscsrvn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clrwtrco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clrlaktc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clrcwldw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clrchbdl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloze.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clovllcb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clovkeyc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clouinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloud_tiger.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloud_party.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloud_on.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloudhol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloudflare.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloud9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\closely_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\closcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clorox_professional.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clockmakers.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloantoi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cloanto.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clntmcpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cliq_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cliqcomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clipshow.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clipnikinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clipcan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clipboard.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clinheal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clincot.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\climate_reality.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\climate_protect.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clima.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clikcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clikcmrc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clicmrks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clickman.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clickbuy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clic2lrn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cli2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clevlnlv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clever.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cleveland_library.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cleve.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clevcomp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clesa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cleaspri.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clear_eyes.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearwyr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearwir.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearvista.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearvisi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearsta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearpor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearlessllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearcom_sandwich.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clearclips.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cleanski.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Clean.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cleamedi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cldwtrbp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clcs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Clay_Ellis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Clayton.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\claycounty.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clawd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Claude_Robinson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\claswell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\classtivity.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\classifiedads.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clasmtol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarnsvl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarmntg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarmckc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarkunv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarksnu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clark.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarity_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\claridig.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clarcoi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\claps.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clairaco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\claimch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clad.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\clabinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ckrwbhst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ckintrac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ck12foun.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cjbmgmt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ciwaboinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\civtechs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\civicenter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\civicact.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citzglobc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\city_ny.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\city_interactive.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citywils.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cityweyd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cityoptical.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cityoflr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cityjntn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cityhmlk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citygrid_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cituny.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citunltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citruslane.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citrix_online.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citmedlaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citmedill.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citizens_tele.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citizchar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citisports.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citigrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citicocs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citgroup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citgroinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\citadel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cislothm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ciscotec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ciscosys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ciscolin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ciscoiro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cisaic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cirshainc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cirnomag.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circlef.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ66.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ65.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ62.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ56a.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ56.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ50.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ45.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ44.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ41.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ40.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ34.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ32.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ07d.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ05.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ04.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\circ01b.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cirbuisoft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ciradar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cinergym.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cinelect.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cincypst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cincmsi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cincin_bbb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cincbell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cinbwrls.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cimis_aftrak-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cignlglc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cigna.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ci2-gss-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ci1_gss-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chvision.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\churcomin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\churchcomminter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\churchcomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chumbyin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chucklr-com.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chubcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chtcment.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chtchcap.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chtcblpt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chtcbloc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrygro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrtcome.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrtadsl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrstcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrst2dy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrqlinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chronim.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chromlif.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrmerc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Chris_Wahlberg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Chris_L.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Chris_Baker.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chris_a_jackson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christoph_Wienands.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\christopher_smith.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christopher_Pavsek.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christopher_Meacham.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christopher_Jones.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christopher_Homer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christopher_Flores.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christina_Meredith.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\christian_tv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\christian_invest.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christian_Andrew_Warren.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\christianfell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Christian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\christian-heusinger-14.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrispub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrisnor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrisboard.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrhors.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrforne.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibwi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibtx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibsc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibne.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibmo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibmi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfiblk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibil.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrfibca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chrcomii.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choutlco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choshiinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choralpub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choopa1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chomp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choihotl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choicmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\choicltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chohopinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chocsedc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chobspub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chobabyf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chnl1rel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chmbcbsr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chldntwk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chlagran.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chivintl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chitelcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chirrpy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chirpint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chiroba.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chiquita_brands.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chiqllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chipndal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chinprtl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Chinese_CNAstatement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\china_us_article_19_final_tax_media_drop_3_1_1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chinatc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chinamer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\childrens_health.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\childlaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\childinter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chikpllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chikepo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chigjobs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chifilcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chiencoa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chicompu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chick_rx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chickllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chickec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chicazoo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chicagoland.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chica.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Chiara_Ferrari.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chgmusnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chfind.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chestel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chentsui.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chemung_county.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chemcc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chekwork.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chegg_october.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chefk9.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cheezburger_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cheeci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\checkpointsllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\checklist_policy_dev_20120412.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cheatmas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cheaterville.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chearegb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chdhptbs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chcomhld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chavideo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatxmag.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chattv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatterplug.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chattano.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatrcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatngas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatelmn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatelmi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chatango.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chasyuth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chastacm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chasradp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chaspo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chaska.net.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chasdrew.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charway.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chart_pak.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chartypl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chartvii.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chartrvt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chartrsv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chartrop.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chartrjv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charthmc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charscin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charschool.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charrusse.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charrscl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charrose.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charrmg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charprof.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charonln.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charmingdirect.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charltpb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charlotte_viewpoint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charlie_boxer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Charles_Thompson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Charles_Shapiro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Charles_Parent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Charles_Guill.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charleston_tele.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charheli.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chargate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charcomi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\charcomc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\characteristics_for_irs.gov_7_31_03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\characqn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chapsity.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chaprl_di.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chapelhill.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chanscene.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\channel_capital.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\channelfix.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\changeyouragenetwork.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chan7odi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\champtel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\champmtg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chammult.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chamco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chaintinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chahmo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chagevent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Chad_Jewell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chadron.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chacomvi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chacomv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chacompr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\chacomhs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cgysol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cgadvis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cffinlgr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cfe_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cfenterp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cfc94.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ce_provider_program_numbering_sequence.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cevirmli.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cesebco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cesamplecertificate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cert_interim_amendments.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cerniumcorporation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cerfserv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceresmkt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceprovidernotes0612.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centxcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centstag.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centrsrc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centrlr3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centrifs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centrecol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\central_oregon_comm_college.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\central_nm_college.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centralvalley.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centproam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centphone.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centoria.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centmtcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centmich.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centfgos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centfamy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\center_rights_action.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centerpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centerhope.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centelis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centedcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centdmeg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centcoun.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Centcomp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\centamp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\censvmkt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cenraiph.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cenmet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cenmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cenicorg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cengagelearn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cencomce.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cencom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cencollg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cencartc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cenappllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cementworks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\celwre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cellfish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cellcopt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\celebrity_market.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\celebrbe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\celartem.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceinetwk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceiinc..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceienteri.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cegamasr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cefmedem.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceescptr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cedrcrkw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cedcomllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cedco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cecviral.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cecotexa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceas-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ceaccreditorapplication.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cea-ccia-hrrc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdw-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdpwr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdnetwokt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdmonln.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdkitch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdinccc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cdfinacl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cder3-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cddisply.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cc_viii.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviprch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccvioper.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviipch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviilsg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviiles.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviiipg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviiiop.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccviiihg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccvihldg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccvhldns.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccvhldfn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccvcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccumc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccumc-capturefollowup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccsystms.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccsd15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccopurch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccoprpty.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccontact.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccoleasg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccolease.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccnengl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccmorris.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccmich.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccia-51.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cchst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cchcmrtg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccfibrlk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccdis536.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cccn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cccintnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccbucks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccbilleultd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccbilleu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ccbill.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cca_training.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cc10llc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cc1-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbvpflug.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbvleand.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbstelev.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbssidos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbsradi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbsparam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbsinter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbscorpo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbrinst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbidistrib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbfancem.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cbdmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cazoodleinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cawtslaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cawr-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cavalier.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\causefm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\causecast.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catwbacs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catumedi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cattcole.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catrpilr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catmacar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catlogcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catholic_univ_america.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cathequt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cathcon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cathclve.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catgcty.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catchadv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catastrophic_pt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\catalystmail.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cast_communications.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\castup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casttv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casts-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\castmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\castlntc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\castisys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casting_networks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cass_cable.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cassinet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casscopc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caskfrst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cashcomp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cashamerica.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Casey_S.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Casey_Friedrich.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casevlps.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casesldr2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\casesldr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caseinter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\case-mis-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\case-base.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\car_domain.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cary.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carwarc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carvlsft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cartnetw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cartmcon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carson071504.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carseat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carsdire.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carr_mcclellan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carrie-russell-library-copyright-alliance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carpathia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carp95_98.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carnmelu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carnigie_corp_ny.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carngbrj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carney-megan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carney-megan-summary.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carnallcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Carmen_Alvarez.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carmalan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Carl_Bolling.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carlowcg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Carlos_Pellerano.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Carlos_Gurr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carlflor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caribis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carhotwo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carhof.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cargurus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cargrhls.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cargosmt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carezeni.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careypal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carerbld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careqst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careprmn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caremgmt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careletts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careidco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careersv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carecross.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\careconx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carecncl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carealtr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\care2com.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cards_final.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cardsauc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carbon_games.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\carbonit.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\captivemotion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\captainu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capsuninc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caprock.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capricom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caprica.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caprepts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cappusa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capligea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capitol_hill.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capitne.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capitlbro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capital_univ.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capital_network.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capgazette.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capepubl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capellae.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capeintr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capdirec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capcodcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\capbrdbd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cap.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canyuu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canyon_gate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canynbbd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canvasnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cantonsd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canon_latin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canoninf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canonicalgroup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cannei.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canibmsc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\candhost.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cancropt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cancio.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\canarywl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cams-ardi-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camronu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campus_associates.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campusventr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campusol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campuslive.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campulai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campubu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campstrm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campn4al.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\campexic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camomedi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camixcss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caminopublic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camfessi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Cameron_Miller.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cameron.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cameron-sum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camcomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camcmsol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cambrcol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cambium_enter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camaro5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\camalucom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calypsostbarth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calvincl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calvcrus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caluthuv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caltech1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caltech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calsusac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calsula.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calstata.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calprime.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calpolys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caloptassoc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calohysc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\callan_di.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\callandr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calisfin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caliredwood.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calif_pub_health.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calif_product.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califstate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califsci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califphysician.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\california_cedar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\california2004.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califchoice.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\califac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calicocottage.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calibremed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cali.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calhosll.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calguns.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calgoinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calgocom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calculcreat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calconn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\calcolotar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cakecent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cainscdi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cainfarg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cainc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cainarts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cahners.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cafwbhst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cafh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cafepres.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cafephrm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caequlog.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cadwalader.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cadmancor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cactus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caclogim.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cacheon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cachenet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cacheinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cabsystm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cabsarehere.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cablwls1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cablvsys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cableqco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cablepetition.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cableone.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cable-rate-petition.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cablbuso.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cabillc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cabequco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cabcofam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\cabcmwil.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\caa_netherlands.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ca-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ca-or_broadcasting.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\C4PcmLLC.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\c4cllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\c40_cities.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\c3_metrics.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\c1media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\C._Maxwell_Solie.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\c-711.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\byu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bytetaxi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bytehost.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bytectr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\byronsch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\byrd-sum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\byo_network.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bykd4kid.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bxcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bwisgu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bwhrsrch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bwentertainment.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bwalrus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bvwebtie.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bvsinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bvsftwar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\BVALLC.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buzzoinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buzsaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buzrdnws.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buznatco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buzamoto.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buyseasi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buymusic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buymed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buyersbest.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buxinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buuteeq.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\butterfly_dreams.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\butterball.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\butlrcrc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bus_schedule_all.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\busybee.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\busplan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\busntlcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\busnseng.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\busnsbyd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\busnescm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\BusinessVisa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\business.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\burts_bee.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Burton_Betchart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\burleent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\burlcocl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\burger.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\burda_style.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\burba.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buradevc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe","C:\Users\user\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\jeeud2t1.tmp",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buoydigit.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bun_Socheat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bunnomatic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bunkweb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bunchbll.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bun-kat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bump.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bullseye.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bullhrnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bulldogr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\built2xl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\builsear.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\builho.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buildabear.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buiasig.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buiaresu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bugbird.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bugatti_di.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bufsabrs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buflofrn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buflcros.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buffn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buff.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buenvstu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buenvsta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buena_enterprises.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\budget_information.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buddyusa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bucsprom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buck_ed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bucktldo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bucktele.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buckscol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bucknelu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buckitel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buckeyec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buckeye.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buckaroo_acquistion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bucintnl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buchancs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\buchananpj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bubbanetwork.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\btnacces.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\btmshent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\btgespre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bstnstgl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bstmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bserbifs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bscinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bsa_response_letter_regarding_exemption_4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bsa_letter_regarding_exemption_5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bsa_letter_regarding_exemption_4_5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bsa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brynmawr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brycol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bryauniv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bryastcl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bryan_Linair_Technolologies.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bryan_Caudle.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bryan_broadcast.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brvetel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bruce_Leban.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brstlprm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\browseup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\browser_brains.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brownstoner.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brownrice.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brown.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brotherloco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brostpubllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bropualco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bropty.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broomecc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broolaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brookspt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brooklyn_navy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brookcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broform.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brofinsol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broehnrt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brodvwnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brodspir.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brodevel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brodcstm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brodbdrs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brodbdof.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brockton.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brobaba.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadwng.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadjam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadcom_corp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadclp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadcla.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadcastr_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\broadbca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brntreld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brnsvlhr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brnsnobl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brnshr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brnkhsca.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brnglite.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brngbyer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brldgent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brkthrgh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brkmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brkgmutd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brkfdcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brkaway.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brit_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Britt_Griswold.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brittww.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\britpath.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brithous.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brital.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brita.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brispagp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brinkshs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brimic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bright_funds.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brightcove.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bright.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brighmid.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brigham-young-33.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bridpoint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bridgmps.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bridges.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bridgent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bridcate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brickarms.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\briarwood_tech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_Neenan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_Johnson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_Hunt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_Goudie.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_Dressler_Photography,_Inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_C_Johnston.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brian_case.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brian_Brzezinski.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brgwtrcl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brgmwphs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brgmwphh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brgmwhos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brgmwflk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brgmcmpr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brghtusa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\breyer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brextllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brevrdcc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brett_Smith.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bresnan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brent_Morris.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brendan_Edwards.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\breakdown_services.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdwyblg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdrm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdgfrst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdcastinter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdbrysc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdbndus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brdbndig.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brbanmar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brazcolg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bravo_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bravkids.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brau.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\branllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\branflip.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandpays.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brandon_Lacher.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brandon_Harter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brandon_Etheredge_EFF.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandmov.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandmck.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandldr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandivation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandbgt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brandamr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\branconl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\braktlib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brainwav.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brainspr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brainscn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brainbox.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brailleinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Brady_Kuehl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bradlyuv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bradley_hennenfent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brad-thomas-rfb-d.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\brachll.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bracandy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bpms-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boyz2men.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boxotr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boxnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boxee_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bow_wow_beach_club.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bowrsitc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bowrsast.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bowntcbr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bownphnx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bowneco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bowiejen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bowdoin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bovillig.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bouve.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boundless_learning.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boulderstrip.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bottlerock.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bostncol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bosonsft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bosgrasp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bosekinney.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boschtol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\borshoff.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boromc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\borland.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boreco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\borealac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boostworld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\booster_club_field_directive_6-27.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boomsped.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boommusi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boomity.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bookzone.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bookspan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bookit.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bookish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bookdogb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\booenter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bonvlydc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bonnierwork.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bonnco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bonnacm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bonfire.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bondware.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bomisinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boltic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bolt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bolly.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bokdog.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boista.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boisecty.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boingopia_corp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bohman.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bohemian_wrapp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boglep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boglehe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bogameri.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boengmng.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boebro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\body_flash.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bocfoocom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bocajumpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bocacom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bobuckl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bobr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bobevans.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boberdoo-com.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bobby_June.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardreas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardpublications.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardoftrust.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardofedu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardingarea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardhst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardgover.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\boardgam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnti.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bns.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnpm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnk_invest.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnimbl_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnienter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bnetic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmobilized_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmi-etal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmf-ccnip-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bme.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmdpubli.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmcsftwr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bmarphin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blwaexlc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluwallc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluticom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blusprng.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blurtt_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blurgeso.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blurgcol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blurbinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blupulinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blunto.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blumong.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blumnisi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluminter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blumarbl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blujaycom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blugrsnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blugrav.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blue_wave.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blue_valley.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blue_fin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blue_coat_systems.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluewadi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluevalc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluesmok.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluerazr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blueplanet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluenet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluenesiscom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluenc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blueKey-wireless-08.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluehost.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluegolf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluegoat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluefrog.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluecorn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluebeat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluebeam_software.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bluducl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blprod.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blowtrch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blotwnpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bloom_reach.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bloomquist.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bloomberg_tradebook.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bloomberg_lp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bloomberg_finance.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bloom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blogtalkradio.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blockbuster.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blockbus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blkoakc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blkftnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blkftcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blkcrowm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blkboard.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blizente.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blitcai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blistinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blisscollect.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blipsit.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blipboard_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blinkxin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blinksts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blinkcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blflyinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blerepllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blekko.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bleeping_computer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blebitslc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blduksfw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bldgblog.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blcholdg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blazing_tours.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blazecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blaxnint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blaworkllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blastroots.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blarmlib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blannati.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blaneinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blakftel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blake.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blakandc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\black_tooth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\black_heritage_network.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\black_box.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blackstone.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blacksta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blackrosetech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blackos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blackhawk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blackbrn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blackbau.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blablacm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\blabber.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bk_entertain.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bkzillon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bktxinbs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bkghmamn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bkface.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bj's_restaurants.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizzyin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizzukai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizzinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizyinc..pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizoll.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biznikis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizkzinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizfinty.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizfilng.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizdoorc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bizbuyer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biwinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bit_wise.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bit_titan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitzicrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bittornt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitter_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitserve.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitpipe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitpass.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitmedol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitlyin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitluhol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitli.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitgravity.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitarmin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bitanim.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bist.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bishop_account.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bisdesa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biscbayp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\birdbaa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\birchcomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biopass.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bioone.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bionicturtle.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biomimic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Biometric Signature Affirmation DS-160 - May2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biolaunv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biobofc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\binwllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\binversein.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\binsmth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bing.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\binarynt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\binaries.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\binarb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bimmerpost.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bill_Merrell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bill_Davidsen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Billy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\billtech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bikenews.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\big_beat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigwalnut.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigvine.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigthink.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigstage.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigspace.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bignmkc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigmuscom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biglotsi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigliveinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigleabarinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigjumme.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bighead.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigdoormedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigbrost.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bigapi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bid_dudes.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bidyourc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bidfly.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bidclek.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bid4vid.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\BicUSA.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\BiblioCm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biblio.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\biantlpd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bhutecin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bgwirles.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bglincom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bftvllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bfcenter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beyprd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beyond.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beydmisg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bevcomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betterlle.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betteradv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betplc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betinter.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betinf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Beth_Dixson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bethelun.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bethelcs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betheate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betavisions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\betarecd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestwest.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestware.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestvender.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beststory.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestnurs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestintc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestentr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestdoci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestbu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bestadlt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Best BBWS.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Besciu_Alex.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\besbuyll.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berrycollege.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bernhardt_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berlaninc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berksrnt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berkmisd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berkley_networks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berkley_edu_ny.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berkley_edu_nj.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berkleem.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berind.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\berelcpress.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beprecis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beopen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Ben_Morton.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Ben_Frede.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bentnrea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bentlsys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bentleyc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benso.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benncolle.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Benjamen_Scott.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benevolent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benetracker_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beneteci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benesite.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benefllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benefits_restrictions_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benefits_restrictions_phoneforum_transcript.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beneficienttech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benedek.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benedcu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\benecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bend_cable.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bencoote.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bemtradeltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bemisins.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bemicrgr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bema_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belzebuub_foundation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beltenti.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belso.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beloitcl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belointv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belmia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bellsinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bellingh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bellhowl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bellefai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bella_ventures.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bellazon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bella.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belhacol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belguim_revised.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belgium_article_19_ca_agreement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belfnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belcc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belcaro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\belaonln.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bekash.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bejdunh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\behrman_house.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beheeml.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\behavenet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\behance_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\begtrilc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beft-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\befrwopu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\befera.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beethoven-notice.2006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beenti.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beeloged.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beejive.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beeideai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beedoci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beechacre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bedlib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bedfordfree.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bectdksn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\becashcow.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bebuyent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beautylish.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beautchoice.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beaumont.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beauftcl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beaubank.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beatrobo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beatmash_net.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beathive.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beatgret.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beasley.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beamzi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bealestreet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\beachgre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bdymedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bdwthprd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bdr2bdrc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bdcturbn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bcpub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bcprods.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bcplnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bcnllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Bcencoju.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bbntechn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bbandbyi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baytsp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baysthlt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bayspgtc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bayshore_software.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baypub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baylrmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baylrfan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bayloru.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baylor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baygroup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bayeast.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baydncc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bayarea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bayadve.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bay9inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baxter_county_paper.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bauhaus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bauconsm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\battmeminst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\batesptr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\batanga.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bassdrive.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\basoftwareltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\basilbox.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\basho_tech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bartnccc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\barryunv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\barra.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\barnrdcl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bariamer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\barhap.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bargielr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bareescent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bardatsys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\barbrdgp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\barbarjerry.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Barbara_Harmon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baraga.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bapstapt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\banrhlth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bank_america.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bank_agreement.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bankwa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bankrate.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bankof.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver D1D6A7F07C4E4fb094095CE21BF10AA8.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bankfiac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\banjo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bang_bros.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\banflixc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\band_page.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\band_LCA.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bandwidth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bandwci.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bandoo_media.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\band-sum.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bancvue.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bancsois.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bancopr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bamboo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bamadvsv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baltel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\balpl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\balmusartinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ballstat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\balloon_knot.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ballistc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bali.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\balfour.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baldwcou.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baldor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baldndo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\balcimh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\balbarcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bakrscal.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bakmck.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baker_hostetler.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bakerboy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bajabroadband.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baittackle.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bairmcgarry.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bainco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bahwetng.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bahakel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\badpuppy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\badgevi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bacovisas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bacon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\backyard_mississippi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\backyard_broadcasting.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\backfnce.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bacentral.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bacatel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\bac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\babylon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\babycntr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\babsncl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\babnycin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\baanv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\a_z_sports.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\a_2005-80_transaction_details.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\azureus.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\azukisys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aztravel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Azeem_Anwar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\azchem.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\azcen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\azbk_llc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ayrixtch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ayk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ayimpllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\axsenllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\axel_ltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\axaequi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aw_internet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\awwwsome.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\awsmcaks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\awninc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\awebsyt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\awanholc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avwtelav.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avvoinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avtel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avpmgmt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avotmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avos_systems.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avossystems.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avon_products.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avonprod.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avoncosmetic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avoncosmet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avocado.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avnetinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avmsftwr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avitlo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avidtech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aviatnx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\averyene.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avenuemedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avenueip.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aventnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aventail.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avelist_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aveda.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ave23corp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ava_living.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avatarfc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avarrsoul.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avantgo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\avaaz_found.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auto_trader.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auto_6020b-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\automotivecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\automaticforums.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autograp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autoglassw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autodtai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autodkug.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autodesk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autodati.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autodata.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\authsolu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Author_Services,_Inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\authors_guild.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\authorcomllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\author-services-inc-01.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\autfipr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\austpacf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\austnunl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Austin_J_Salazar.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\austincc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\austamst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ausltinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ausilipr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\System32\spoolsv.exe","C:\Windows\System32\spool\drivers\w32x86\3\New\TP PS Driver C1955CCDDB3940d7B066859793CCF143.ppd",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auscincl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auscifoun.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auscab.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aurorau.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auriclec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aurangam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aur-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aulacoillc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\augusthomepub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\augstu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\augstnac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\augimage.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aughmpub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auganllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audralli.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audoglxy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audio_video.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audio_is.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audiophile.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audiomkr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audiomic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audioinf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audiogon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audio.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audiblemag.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\audible-magic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auctportion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auchrcor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auburnse.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aubrnunv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aubidle.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\auballc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aualallc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atuffllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\att_japan_securities.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attyellpages.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attws.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attstore.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attorney_web.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attnc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attfoin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attendio.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attaway.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attapoint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\attainia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\att+holb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atsolutn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atrunews.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atradcla.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atopera.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atomsplash.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atomic_online.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atomic_data.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atomicme.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atomic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atomcorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atofinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atmel_corp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atltcbbd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlrecor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlnetbd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atllcyrs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlcbbd5.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlcbbd4.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlcbbd3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlcbbd2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlcbbd1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlassys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlassian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlantic_record.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlantbd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atlannet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ativacorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\athome.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\athlon_sports.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atherotech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\athcab.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atgs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atgnmtc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atfr-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atentain.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atechllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atcjet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atat_phoneforum_presentation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\atakamalabs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asylreco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\astobroa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\astagenfo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asspospa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assocpress.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assocpai.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assocont.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\associnsur.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\associated_content.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assocapart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assninmr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assjunlea.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assetint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\assehc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asport.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aspire_ii_nav.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aspentch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aspencreek.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aspen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asocfre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asoamlas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asnspcdv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asnirnst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asmp2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asmp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ASMP-PPA.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aslha.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ask_frog.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\askjeev.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\askforit.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\askedoutinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\askbecol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ask.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asiowsh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asiguide.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asicmns.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asian_art.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashton.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashrgair.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashoka.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashldu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashfrdcm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ashforduni.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asfr-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asfkicom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ascomllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ascntxtc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ascena_retail.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ASCAP.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asbury_theo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asap_advisor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asana_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asampoil.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asahi_net_intl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\asahi_net_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arworkinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arwebin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arvixe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arvigent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arundlib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\art_sy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Art_Neill.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\art_comm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\art_appraisal_services_photographic_requirements.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artworksi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artvertx.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arttribe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artstunt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artstsrt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artstor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artstdir.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artstarllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artspots.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artsonllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artsnbro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arts4all.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artprizegp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artnsidr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artnetwc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artmtrxl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artmanos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artist_arena.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Artists_Bill_of_Rights.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ArtistsUndertheDome.org.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ArtistsCoalition-brf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artisticwall.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artiorkinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\articleb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\article22_lob_us_swiss_ca_agreement_8_20_03.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arthrcip.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artfirel.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artelcomp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artechnology.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artechmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artcntrd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artcare.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artauthor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artand.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\artallie.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arsalontech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arrow_communications.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arrowweb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arromdee.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arrived.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arrivalc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arrasgrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arra-babs_qa_06-10_1.2.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arquiste.com.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arperfo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arpan.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arpa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arnwks.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arnoldport.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arndlorg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armstng1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armstgwv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armstgpa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armstgny.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armstgmd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armstasu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armsgutl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armsgnod.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armgac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armedzilla.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\armdfrcs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arl_now.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arlingco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arl-ala.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arktimep.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arktechu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arklightmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arkheart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arkarcomt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arkanst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arkansas_tele.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arkamind.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arjontgroup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arizpub.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arizosta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arizoce.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arixmedia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aristotl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Arionna_Johns.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ariconat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aribin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arhat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arh.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\argo_tech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\areyouto.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aresta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\areeinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\area-directos-addresses-postappealsmediation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arctcslp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arcsoft.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arcmanor.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arcinternational.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\archstonecomm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\archnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\architects_atg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arch7107.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arcbazar_com.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arbulbd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arbitron.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arbisisl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\araneti.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arandellcorporation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aramrkr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aragllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aracamer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\arabhors.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar15com.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1999.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1998.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1997.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1996.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1993.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1950.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1948.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1945.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1940.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1935.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1896.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1895.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1894.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1893.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1892.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1891.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1890.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1889.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1888.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1887.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1886.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1885.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1884.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1883.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1882.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1881.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1880.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1879.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1878.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1877.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1875.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1874.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1873.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1870.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1869.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1868.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1867.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ar-1866.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aquafold.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aqhostllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aqetl-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apx_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apxinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apvalbrocas.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apture.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aptrat.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Aptherlc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aptex.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aptara.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apstream.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apsoup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apsenrgy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aprisa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aprilwil.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apriahealth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\app_store_monopoly.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\app_sense.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\app_grooves.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appyoinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apptallc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appsu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appsolute.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appshare.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appropriate_tech.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apprinst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appraisal_item_format.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\applicom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appleinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apple-inc-31.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apple's-response-to-copyright-office-questions-of-6-23-09.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appitalinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appinco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appgrooves.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appgenss.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apperica.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appendix_f_instructions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appendix_d_instructions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appendix_c_instructions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appendix.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Appendices_and_Tables.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appeian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appealdm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appdillo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\appdeply.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apparitl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apollotf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apollolb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apollogrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apogeetl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aplustec.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aplohstg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aplltd.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apllogam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apldthry.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aplcreative.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apknet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aphinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aperion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aperian.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apedvntr.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apebble.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apeaysu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apcowrld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apb.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apaxpart.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aparther.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\apa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aosoftinte.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aops_inc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aolcommun.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aoic-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201201.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201106.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201105.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201104.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201103.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201102.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201101.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201006.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201005.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201004.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201003.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201002.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod201001.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200901.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200801.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200705.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200704.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200703.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200702.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200701.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200602.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200601.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200503.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200502.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod200501.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aod.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aocllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anywrcom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anywerefm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anyuser.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anytimehealth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anylogic_north.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anyday.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antonpro.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Anthony_Snively.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Anthony_Bills.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Anthony_BIanciella_Photography.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antetmtv.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antenna_volantis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antenna_software.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antenna_canada.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antengo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\antdiscen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\answrlgy.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\answers-to-doc-filmmaker-questions.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\answerport.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anscom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ans.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anrsof.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anocolpc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Ann_Breuer.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\annual_report_to_congress_september_2009.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\annual_report_to_congress_fy_2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\annrep2011.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\annrep2010.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\annrep2009.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\annex.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ann97-52.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ann96-13.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anmlsllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anmf-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anivlinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anivisn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anitac.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\animoto.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\animal_ny.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\animall.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anicplacellc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aniaboi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Anh_Nguyen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anheuser.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anheuschinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\angstrm.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anetvnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anerson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andy-cao-15.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andvrnet.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andre_Nozari.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andre_nasib.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Schillinger.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Phillips.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Pham.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Joseph_Harmon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Jeffrey_Finley.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andrew_huang_response_letter_regarding_exemption_3.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Huang.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Henderson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Finkenbinder.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Dull.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Andrew_Dickerson.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andiamos.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andercon.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anddavt8.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andcam.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\andale.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ancwolld.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anchrdns.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ancestopera.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\AnaquaInc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Analysgp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\analogic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\anacorts.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\an98-1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\an97-111.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amzoncomllc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Amy_Toensing.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Amy_Opoka.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amwebser.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amuzinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amusecom.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amug.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amtelcrp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amtekinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amspecta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amsoclcpa.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amsoclaw.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amsne.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amsintds.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amscorp.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amscola.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amscmeen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ams-pia.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amrsqalt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amrrsch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amrosen.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amroland.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amrnth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amrfunrl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amrcnint.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ampsych.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ampromis.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ampreni.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amplify.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amplex.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ampdmobl.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ammola.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amlegion.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amitcent.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\aminsphs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amiestre.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amia10.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amhvlsch.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amhrtasn.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amhrst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amherst.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amgret1.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amextrvs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ametouinc.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amesocfo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amer_marriage.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amer_health.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerxfna.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerxco.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerxbnk.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerwell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amervirt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerveta.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amersapu.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerrfin.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerqots.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerphys.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerorth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ameronthe.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amermovi.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\AmerMktg.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ameristell.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerisociety.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerircs.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\amerinfo.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\ameridol.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\americsafety.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\america_cup.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_youth.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_weather.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_vision.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_university.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_republic.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\American_Photographic_Artists_(APA).pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_math.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_hospital_association.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_golf.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_federation.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\american_dream.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\American_Cable_Association.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\American_Association_of_Independent_Music_(A2IM).pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\americans_elect.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\americansong.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\Americans-reform.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\americanmed.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\americandebt.pdf",2
"2016-11-30T00:00:00.000+0000","Malware-VM1","C:\WINDOWS\Explorer.EXE","C:\Users\user\Documents\CLEAN_PDF_9000_files\americanation.pdf",2
"2016-1