Merge pull request #1020 from volatilityfoundation/1019-printkey-timestamps-are-misleadingincorrect

issue #1019 - for subkeys, return the modified time of the subkey its…

Author: ikelos

volatility3/framework/plugins/windows/registry/printkey.py

@@ -153,6 +153,11 @@ def _printkey_iterator(
                     vollog.debug(excp)
                     key_node_name = renderers.UnreadableValue()
 
+                # if the item is a subkey, use the LastWriteTime of that subkey
+                last_write_time = conversion.wintime_to_datetime(
+                    node.LastWriteTime.QuadPart
+                )
+
                 yield (
                     depth,
                     (