Analysis
-
max time kernel
1799s -
max time network
1568s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
28-11-2021 00:27
General
-
Target
AutoInstall_zNvtuIFmBw.exe
-
Size
734KB
-
MD5
f4f038efc2ad27ff5406cbdcbcb94599
-
SHA1
7146519f2ffcb928d55ab3b66ab4572389e18fe9
-
SHA256
5d2eb0daffb9b5b49ef89add1c9140a66acb2e354fdb97e7b46fdb92e7d63818
-
SHA512
87f232e92e3c4afa58febce58b18e84e6274b1985b920211cd55c178015c43095236c2adf9f1b5fd8b79cf926ab8c6be0edd50a19b97d06eaa153cb7b38080b4
Score
10/10
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs
-
Downloads MZ/PE file
-
Executes dropped EXE 21 IoCs
-
Sets file execution options in registry 2 TTPs
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 14 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 33 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 27 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AutoInstall_zNvtuIFmBw.exe"C:\Users\Admin\AppData\Local\Temp\AutoInstall_zNvtuIFmBw.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Test\Office365.exe"C:\Test\Office365.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeOfficeClickToRun.exe platform=x64 culture=en-us productstoadd=O365ProPlusRetail.16_en-us_x-none cdnbaseurl=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 baseurl=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version=16.0.14527.20276 mediatype=CDN sourcetype=CDN O365ProPlusRetail.excludedapps=groove updatesenabled=False bitnessmigration=False deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown flt.UseTeamsOnInstallConsumer=unknown flt.UseTeamsOnUpdateConsumer=unknown scenario=CLIENTUPDATE3⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeOfficeClickToRun.exe platform=x64 culture=en-us productstoadd=O365ProPlusRetail.16_en-us_x-none cdnbaseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 baseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version.16=16.0.14527.20276 mediatype.16=CDN sourcetype.16=CDN O365ProPlusRetail.excludedapps.16=groove updatesenabled.16=False bitnessmigration=False deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown flt.UseTeamsOnInstallConsumer=unknown flt.UseTeamsOnUpdateConsumer=unknown3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeOLicenseHeartbeat.exe tokenactivate4⤵
- Executes dropped EXE
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
-
C:\Test\MicrosoftTeams.exe"C:\Test\MicrosoftTeams.exe" -s2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . -s --exeName=MicrosoftTeams.exe3⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Squirrel.exe"C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe"C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe" --squirrel-install 1.4.00.294694⤵
- Executes dropped EXE
- Checks computer location settings
- Checks processor information in registry
-
C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exeC:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --createShortcut=Teams.exe -l=StartMenu,Desktop5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe"C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe" --type=gpu-process --field-trial-handle=1548,18255441534164161439,12282949798487855362,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1556 /prefetch:25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe"C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,18255441534164161439,12282949798487855362,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1892 /prefetch:85⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s /n /i:user "C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21209.2\x64\Microsoft.Teams.AddinLoader.dll"4⤵
-
C:\Windows\system32\regsvr32.exe/s /n /i:user "C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21209.2\x64\Microsoft.Teams.AddinLoader.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\SysWOW64\regsvr32.exe" /s /n /i:user "C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21209.2\x86\Microsoft.Teams.AddinLoader.dll"4⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Microsoft Office\root\integration\integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= /C2R PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"3⤵
-
C:\Windows\System32\wevtutil.exewevtutil.exe um "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\wevtutil.exewevtutil.exe um "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\wevtutil.exewevtutil.exe um "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"2⤵
- Executes dropped EXE
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"2⤵
-
C:\Program Files\Microsoft Office\root\integration\integrator.exeintegrator.exe /I /Msi MsiName=SPPRedist.msi,SPPRedist64.msi /C2R PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn "Microsoft\Office\Office ClickToRun Service Monitor" /enable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office ClickToRun Service Monitor" /XML "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ServiceWatcherSchedule.xml"2⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn "Microsoft\Office\Office ClickToRun Service Monitor" /enable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn "Microsoft\Office\Office Automatic Updates" /enable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn "Microsoft\Office\Office Automatic Updates 2.0" /enable2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Automatic Updates 2.0" /XML "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\FrequentOfficeUpdateSchedule.xml"2⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /change /tn "Microsoft\Office\Office Automatic Updates 2.0" /enable2⤵
-
C:\Program Files\Microsoft Office\root\integration\integrator.exeintegrator.exe /I /License PRIDName=O365ProPlusRetail.16,ProPlusRetail.16 /C2R PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\root\integration\integrator.exeintegrator.exe /I /Extension /Msi MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* /C2R PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml"3⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates Logon" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml"3⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml"3⤵
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"3⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml"3⤵
- Creates scheduled task(s)
-
C:\Windows\System32\wevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll"3⤵
-
C:\Windows\System32\wevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll"3⤵
-
C:\Windows\System32\wevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll"3⤵
-
C:\Windows\System32\wevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll"3⤵
-
C:\Windows\System32\wevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll"3⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /progressandlaunch AppTargets="root\office16\excel.exe|root\office16\lync.exe|root\office16\msaccess.exe|root\office16\mspub.exe|root\office16\onenote.exe|root\office16\outlook.exe|root\office16\powerpnt.exe|root\office16\teams.exe|root\office16\winword.exe" ManualUpgrade=False ScenarioToTrack="Scenario:{477E0208-58BD-4F33-978A-09BCC9AA9EB1}@INSTALL"1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
\??\c:\Windows\syswow64\MsiExec.exec:\Windows\syswow64\MsiExec.exe -Embedding 4D84C6C0BC5A20F296029A11DB376FC7 E Global\MSI00002⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exec:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\System32\MsiExec.exec:\Windows\System32\MsiExec.exe -Embedding 8389E8E768240A954EE95E7D7ABB9C6F E Global\MSI00002⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe"C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp3⤵
-
C:\Windows\Temp\ose00000.exe"C:\Windows\Temp\ose00000.exe" -standalone4⤵
- Executes dropped EXE
-
\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild3⤵
- Drops file in System32 directory
-
\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild3⤵
-
\??\c:\Windows\System32\MsiExec.exec:\Windows\System32\MsiExec.exe -Embedding B779F011C47645BC4B5C8F732B161ADD E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 17E5C2D1DB1A1FB426DAED086D4CCCC3 E Global\MSI00002⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D112F35F3779CC12294D95C4AE3BA2AA E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" /queue:3 /NoDependencies3⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
- Loads dropped DLL
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll" /queue:3 /NoDependencies3⤵
- Modifies data under HKEY_USERS
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /queue:3 /NoDependencies3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue3⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 667C116C04562EF9E0F9556E5C6A8BB7 E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild3⤵
-
C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild3⤵
-
\??\c:\Windows\syswow64\MsiExec.exec:\Windows\syswow64\MsiExec.exe -Embedding F21876E7AEDB917802B988A7D752AC1F E Global\MSI00002⤵
- Loads dropped DLL
-
\??\c:\Windows\System32\MsiExec.exec:\Windows\System32\MsiExec.exe -Embedding BDCB60F5D1ED1DC11E61C386EC08BEB1 E Global\MSI00002⤵
- Loads dropped DLL
-
\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild3⤵
- Drops file in Windows directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8AA2C3A7E07A8A2F22106B1F84A2F7B8 E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSI544.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259917578 3826 SetupConfigCustomAction!Squirrel.SetupConfigCustomAction.SettingsCustomActions.RemoveRegKeyFromPreviousInstall3⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 35A012F0ACB66254B25684C5669DD76B2⤵
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSIF96.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259919906 3832 SetupConfigCustomAction!Squirrel.SetupConfigCustomAction.SettingsCustomActions.CopyConfig3⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "9" "C:\Program Files\Microsoft Office\root\Office16\OneNote\\prnms006.inf" "9" "44b58805b" "0000000000000174" "Service-0x0-3e7$\Default" "0000000000000178" "208" "C:\Program Files\Microsoft Office\root\Office16\OneNote\"2⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\system32\compattelrunner.exeC:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k wsappx -s AppXSvc1⤵
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1⤵
-
C:\Windows\system32\compattelrunner.exeC:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /frequentupdate SCHEDULEDTASK displaylevel=False1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /frequentupdate SCHEDULEDTASK displaylevel=False1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dllMD5
47df99fe851db855c5507328f660dcf5
SHA1195a33f0b91d6fda50d48c98c8e9bbfacfbf331b
SHA25615646e0312a8ac15305efb382ce658ca37e6d4e4b73f93387589fd1d8139e3db
SHA5125de2564d67dbf37ec38d40ac3b2d11fae4318744655941a763a514ed35d38fdf55694852789ca98d9e11c9ead5f997f8091d1413e20d511aba9aef1f8c46d5ea
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dllMD5
18ebc0da472b1efc4e8f6b6627cffc93
SHA120a7cf7558d8a7a5bbcc131cbaf4ba75d3f11815
SHA256624ab9c6838a88550ad5d906e86829778b5a9fce09a55a67eadcbb5806058c98
SHA512a443da09f063e6ba8711df6ac9c35aa26298356e3dcf819e7784b8641c609fa8fd5d30ec03964493790058b138534f342b65e0688b93e8fcd6d6aa772acd6f6d
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dllMD5
1c03d1935b5892738a188ba40cd5a223
SHA1b793c3918203f57468a7baa83e8d9e6e7b775545
SHA256d656c21853e185feb04c0decc52df277ed9d214e9ffa31b86ed34c682e1b5730
SHA512f9fa9def40ec3053f3a75ab2bc8e7c68c8b806be5bb80cda726ac8c08e3152c32db84a43a9e5775851bde0067d9ce9c8657a19850887171b0b206685318dbf40
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dllMD5
e85b603cc6968ffb4303fee315cf1af7
SHA1e18d26df594425ff299cae10521ab21bb37baa31
SHA256dbddda4caf6b63671b74666584ce1ac2affa59270e987725f2059fb1249c4ec8
SHA512a1ab6bd6f908a2edb5b4afd2d5da24c187e14bd2572f27237f1fb4d24da8a8fa7d227c140e99da9739ca8be63cfcd96e2259c9c29f64f1059033ab049f6dfa9b
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dllMD5
cf282ddd8d2cd281b2afb341bbbc7f8a
SHA18104ad996680c838c44743b1cc3149353c8bdb2b
SHA25691cc31c10bac6b042855d8a48c854ba57b8e2085ca427786416f418f3597860b
SHA512fed8069b200919471a21ac0b1d258f89f206bb6ed172b9b5a17e7d13b78fd825d25a33172adedec55cb89f225756f36daa9eec587eff52bf91df3752c2bd9de3
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dllMD5
c01cc0200f3d889c68b503c68049ff62
SHA1338589ddb1ffb4422f06e75f62f0db1151741f5d
SHA256326bcb85652c67780d0193d78d5bab30e3668e6bcbcffcff304751b2f4518f54
SHA5128d072207da418ff170e843f2d97b0e52875b42d2d4b46882d5de08a4e98bf1b7788052c5c591aa70f72813fe2b692541c55920d6dbe22ef15b7ef8a9252da58a
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dllMD5
fc0e1d121cdded19e7b98cd995bde281
SHA1102ebe6eb24cf598d559b305423b38896a8208cc
SHA2567ccc472997dc3d5080cac6918bbd7ba172a4e674f59b5721e7487cd9b101d64d
SHA5127077503a5265554f85364744385c4db557cc87f3540688f661c3f139e94cf107ceb2fdac51235a92030ce9dc19a411326ac720ff0925d9d28894afa4b3a0989c
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dllMD5
4d3d26e3dee4398c1127903171ceb1c3
SHA195e316fe28d10ab358eaf71cc1bc66e3912d55a0
SHA2563f54dc6589030ea96e0022e2a36624d9f8aba31a0940db4f2da3773739f5fd3c
SHA5127241f433e9c970d16658fc3498235804de128564c7be25afce9c3d75d14000e738a9cc8de343c339f47144f243250eb8918f4ddaef783fae1b0dae0a1d5bcb45
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dllMD5
5f98a9c985171cd6f7b709b4727f802e
SHA11a822aca0699d67e2726ba716e7bb28316493328
SHA256238a45614b67a38facf98730b2b5e316b424f79b4ad591eddb6ec52460c3265c
SHA5122e6342e689a090854a24db2d837975eccdcaf8f78a3dff568e9dde6f76b2c0b929f307498b278a1feae5eec17e60cdbc81b8f10d0379dd1c77b6a0b8da5b5370
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dllMD5
b5da8c6339ac4fe30dab6be4ca4fb8f5
SHA1fa628818d38d49527a4cdaa46b47bfd1ea18477d
SHA2566677f595565cc80ad6cc46dda9760ffb1c5d02cdd3a36cb525f5a96d8edc601c
SHA5121619ce0bcb62ddcb22fe0d5caf456a2ad84d08ffb4b42951aef18efb5e3e73458441b84fab815521c936fd94c78d474e47997ef4c9cc18aab90c77b029d0a5d7
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dllMD5
0884821e75b789d14faa4757a7f31880
SHA1b837e32188a5673683d02bc62e21a23647308d7f
SHA2561ebb321cbfeceb8eb13045118f09d43b94bc0172cdd185fbb3dffe58d7da10ab
SHA51242fe74d5d28c20695d2230d66e0c368059e0726f494a2ecec3e2c8aef4e4a1c570f072564c59362c347e653c46b4f15af4db11fbc9ad0d2babbf8883df032ebb
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dllMD5
9d499d107cec3a860cfcc2dcf69460de
SHA14ee5fe5661df25f844f7b9fe7976704a592a3d71
SHA2569fb86a0ecd3273971a8f276cbfac500bd5a1cdcab50c2f2601fd52faf19a122d
SHA5120e3d2673ee7eb408728a680cbc775f1d997276e04e3e8aa762aa7777b20329ec2b84c2d6421e0e285f41ebb9f65028cbca6b048c504fb97c3ddf6e86842fa9a4
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\CONCRT140.dllMD5
c4fe3f03efd3188252caa101f954ffeb
SHA198b613aee45c71aed9d2be0d61d7ace323929e9c
SHA25695bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA51280018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\IntegratedOffice.exeMD5
2ca4cf3c39635030a0d6f7e774f9dc95
SHA1d73c8e3e6642ed32c4f2105b27fbb82019f2be45
SHA256864a6f41bd1a57ffd5fc403798271614c8151e25861fd83b50f9e12e1ee6ac4e
SHA51240287b61cc89c5695917da4ab31f951335bb83cacdb087af70508eb1f5c7563b4a1fdeaccfe222ef93bbae8633a56b1c02d64cd15646cfca2dc7c16095077a7e
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSIX.dllMD5
680de13431ec58094f287adcb1865d06
SHA1feb2eab60f1ab0f7add64282be9ede34219530b0
SHA25682d366c444bf6147227fae26ad3468094a230fbce84e15eb9f5cba3c7bb63ffb
SHA512884de914ddfd66f8e22918b243da512629b9fa6552bbbd0cc94ca920c4fd40859451aafeda29152cedb11a99fef845f9e106019d517bc57df6460f4fc51c6cb1
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCP140.dllMD5
cd0c37f1875b704f8eb08e397381ac16
SHA1249d33c43e105a1c36ec6a24e5ef8dbc5f56b31b
SHA256d86ac158123a245b927592c80cc020fea29c8c4addc144466c4625a00ca9c77a
SHA512d60c56716399b417e1d9d7d739af13674c8572974f220a44e5e4e9ab0b0a23b8937bd0929eee9f03f20b7f74db008f70f9559a7eb66948b3afab5b96bdd1a6d5
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeMD5
e83faef7ae94f73949d5db33b015f256
SHA14603162e8eea9fe3e75a94eb80c2d57f577368b0
SHA256dfd8e89144ff14b58be63c56ba4dd83eadd279b0c00fb3ba3e04dba59e29a385
SHA51268d59eed52857cce8134248771f954907c27c2ab57e43424ca9d21862fa3d87145fb241c4559317a5669bfe5ed7e457e6d36a845f6a9dc3a51b80f4c5cea4a9c
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dllMD5
0af84993d66a9d68d6d1c65707c2ef4a
SHA1848f692dd049d957d01a3386f83b7da836bf99e7
SHA2565951e8c2e0d1a7ba0b3ddb568e67809eac72d4285be1d0a982882e58f54814e4
SHA512247f3cf55926a6a10a6da1b04de41e8bb4ffd54bd908ee7057b204819f82197ef6d8c0cff55e78d662d9fbaa76f1167befe211dfc976312c78db013a500ab548
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\VCRUNTIME140.dllMD5
11d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\VCRUNTIME140_1.dllMD5
7667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\appvisvsubsystems32.dllMD5
eceaf9a27eaadbf0b9efed8f4d1fce85
SHA104f479306df3202d8765fa94925a00d2782666b8
SHA256d18eed0f63f80a35cdb0a572470659843054723ad986de127a5dd1e7527f01bc
SHA51251197498d1be232a2feb029771991db277512221ca2139c9a30fc6103d6c70b97b56bbbf90891c82da6a79bc2b383a8d9295634e077464af96052c3c2fd7d58e
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\c2rintl.en-us.dllMD5
dcb65de3ae26aa5847c13b45cd9411a3
SHA1b74417bcbe423499f36a2542f6b5c0395f347c5a
SHA2567cdedae25bcdce1f8458e7062d9dd768d5780765fcdc8aa7747f28711de65f85
SHA51267dd2ba2bef1586e97a9fe3045c7fc96701ee8c90d52beeca2c5c06a6837a28f1da83448472fb186925aff9084bdb59dab926ce81a16b2c56c732da225f4f6e3
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\i640.hashMD5
08640975c413392f3613bfbcffdd203c
SHA1eed97c73eba0289fd569a0025074a02c4da3384c
SHA256605466624ec867b3d6038c18ea06030f96eda22ab19579c926c664ca1fe49a59
SHA5128ef0a00caa7fdb6255ed4a112a4e4c7df19bebaefe98abcc915086d37ed0211e626f9fff1904df1f6b40084a80f3896d8886a0e3160a24d3c16b02d42f3ed2bc
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\repoman.dllMD5
4896c2fdbad50c502b0418f8547d8a49
SHA1c7b95ce8e8fa1e55b2e7410613f9eb1a95a291d9
SHA256a35781e2da58a5faba9504b1faa1c9074ff5cf7f1488220983942faf2ccec7d6
SHA5124439397f4f357f88713374c426a89632cdb61029161785fb2c8b87a9527b1f86041781c19321f055ca9210fbe41767e6787adad1fbb8372439d59b405828680e
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeMD5
d6f51c2dd13f3b13e2ffa521072094d2
SHA189fcf050ec06dfdb75e3e4f7ec7420ad56a97464
SHA2560fbc4613b66a98de6112cc113d936eca0305865666516662a8cc0fae0cde7c11
SHA5120910213380cb659d199be9768ef30a31272c997edc6f2f511cbf7bc6c1e7a95e90e698b4d29d410e32aeddcfce29c8fdea7379814b99687c7f1e300690d3704c
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeMD5
e83faef7ae94f73949d5db33b015f256
SHA14603162e8eea9fe3e75a94eb80c2d57f577368b0
SHA256dfd8e89144ff14b58be63c56ba4dd83eadd279b0c00fb3ba3e04dba59e29a385
SHA51268d59eed52857cce8134248771f954907c27c2ab57e43424ca9d21862fa3d87145fb241c4559317a5669bfe5ed7e457e6d36a845f6a9dc3a51b80f4c5cea4a9c
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeMD5
e83faef7ae94f73949d5db33b015f256
SHA14603162e8eea9fe3e75a94eb80c2d57f577368b0
SHA256dfd8e89144ff14b58be63c56ba4dd83eadd279b0c00fb3ba3e04dba59e29a385
SHA51268d59eed52857cce8134248771f954907c27c2ab57e43424ca9d21862fa3d87145fb241c4559317a5669bfe5ed7e457e6d36a845f6a9dc3a51b80f4c5cea4a9c
-
C:\Test\Office365.exeMD5
f8fbe5f1b0214436b8d531a88a3a15f9
SHA1676e4285348089cd09a8bb8ccbe7eb43258e9d38
SHA256e252fa969d83e249335d527f209be0d0fe58fa031df656b724e59d195f7b2e7c
SHA5127def594467a4e5b5b05764d214b9f965bb46671057a4e725a8444a336bf265a421d57ff81106def56974bb3abb0761a153795856b5d1775fc0e1a5fc6eab260c
-
C:\Test\Office365.exeMD5
f8fbe5f1b0214436b8d531a88a3a15f9
SHA1676e4285348089cd09a8bb8ccbe7eb43258e9d38
SHA256e252fa969d83e249335d527f209be0d0fe58fa031df656b724e59d195f7b2e7c
SHA5127def594467a4e5b5b05764d214b9f965bb46671057a4e725a8444a336bf265a421d57ff81106def56974bb3abb0761a153795856b5d1775fc0e1a5fc6eab260c
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.logMD5
3c77e960becbd7a3941082e5bfdc79a5
SHA1270dac097f92b9c8d77eb5cc9ddb5a79175ee374
SHA256c2427c938fd1a390a30ba47d1130e14f3ee8894d0dff080d05eacd45f1a981c6
SHA51207c44f3e4a2fccc7b8bc2065d7b67ae21b1d1d87375d92c55240bcf2b72248b5e5059470241980b85635c7d915669e809de2b1d2a977438f7e7988455bd5e36f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5
2103394621268673c023dd8021f3b16c
SHA151631638e123d73298b14b27998ad8cb3121c92c
SHA2563b31cef253c0045b1035ff688bee318a81f79c7a33e10af011bb840064fede1c
SHA512cf7422c65da826c0b6dfaf3d73617969045312244eb1c84110122922f6e3ae20da6831d6c67fecaf1a5e0413f725001aa376419e7d2c91abe57d8bb0974e3d14
-
C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratchMD5
bd3457e50947d4280734e74b51b5b68d
SHA1424635c6b5622a6c01a59d290a1c9ab8e593effc
SHA25623d647979bc5dc186de5ba3e00a222a912ab8e4782eb6407efa70e29e95979f5
SHA512e83e3615a5e94af288eb1c9b92f55e271765cc43531ec94574371debf63c0c4a58327b6fd8a4775bfba8a3234220cb0396b6d33164309a09a1d826c0689143fb
-
C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratchMD5
bd3457e50947d4280734e74b51b5b68d
SHA1424635c6b5622a6c01a59d290a1c9ab8e593effc
SHA25623d647979bc5dc186de5ba3e00a222a912ab8e4782eb6407efa70e29e95979f5
SHA512e83e3615a5e94af288eb1c9b92f55e271765cc43531ec94574371debf63c0c4a58327b6fd8a4775bfba8a3234220cb0396b6d33164309a09a1d826c0689143fb
-
C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratchMD5
21438ef4b9ad4fc266b6129a2f60de29
SHA15eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA25613bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA51237436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237
-
C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratchMD5
21438ef4b9ad4fc266b6129a2f60de29
SHA15eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA25613bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA51237436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237
-
\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dllMD5
e85b603cc6968ffb4303fee315cf1af7
SHA1e18d26df594425ff299cae10521ab21bb37baa31
SHA256dbddda4caf6b63671b74666584ce1ac2affa59270e987725f2059fb1249c4ec8
SHA512a1ab6bd6f908a2edb5b4afd2d5da24c187e14bd2572f27237f1fb4d24da8a8fa7d227c140e99da9739ca8be63cfcd96e2259c9c29f64f1059033ab049f6dfa9b
-
\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dllMD5
e85b603cc6968ffb4303fee315cf1af7
SHA1e18d26df594425ff299cae10521ab21bb37baa31
SHA256dbddda4caf6b63671b74666584ce1ac2affa59270e987725f2059fb1249c4ec8
SHA512a1ab6bd6f908a2edb5b4afd2d5da24c187e14bd2572f27237f1fb4d24da8a8fa7d227c140e99da9739ca8be63cfcd96e2259c9c29f64f1059033ab049f6dfa9b
-
\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dllMD5
e85b603cc6968ffb4303fee315cf1af7
SHA1e18d26df594425ff299cae10521ab21bb37baa31
SHA256dbddda4caf6b63671b74666584ce1ac2affa59270e987725f2059fb1249c4ec8
SHA512a1ab6bd6f908a2edb5b4afd2d5da24c187e14bd2572f27237f1fb4d24da8a8fa7d227c140e99da9739ca8be63cfcd96e2259c9c29f64f1059033ab049f6dfa9b
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dllMD5
cf282ddd8d2cd281b2afb341bbbc7f8a
SHA18104ad996680c838c44743b1cc3149353c8bdb2b
SHA25691cc31c10bac6b042855d8a48c854ba57b8e2085ca427786416f418f3597860b
SHA512fed8069b200919471a21ac0b1d258f89f206bb6ed172b9b5a17e7d13b78fd825d25a33172adedec55cb89f225756f36daa9eec587eff52bf91df3752c2bd9de3
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dllMD5
47df99fe851db855c5507328f660dcf5
SHA1195a33f0b91d6fda50d48c98c8e9bbfacfbf331b
SHA25615646e0312a8ac15305efb382ce658ca37e6d4e4b73f93387589fd1d8139e3db
SHA5125de2564d67dbf37ec38d40ac3b2d11fae4318744655941a763a514ed35d38fdf55694852789ca98d9e11c9ead5f997f8091d1413e20d511aba9aef1f8c46d5ea
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dllMD5
c01cc0200f3d889c68b503c68049ff62
SHA1338589ddb1ffb4422f06e75f62f0db1151741f5d
SHA256326bcb85652c67780d0193d78d5bab30e3668e6bcbcffcff304751b2f4518f54
SHA5128d072207da418ff170e843f2d97b0e52875b42d2d4b46882d5de08a4e98bf1b7788052c5c591aa70f72813fe2b692541c55920d6dbe22ef15b7ef8a9252da58a
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dllMD5
fc0e1d121cdded19e7b98cd995bde281
SHA1102ebe6eb24cf598d559b305423b38896a8208cc
SHA2567ccc472997dc3d5080cac6918bbd7ba172a4e674f59b5721e7487cd9b101d64d
SHA5127077503a5265554f85364744385c4db557cc87f3540688f661c3f139e94cf107ceb2fdac51235a92030ce9dc19a411326ac720ff0925d9d28894afa4b3a0989c
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dllMD5
4d3d26e3dee4398c1127903171ceb1c3
SHA195e316fe28d10ab358eaf71cc1bc66e3912d55a0
SHA2563f54dc6589030ea96e0022e2a36624d9f8aba31a0940db4f2da3773739f5fd3c
SHA5127241f433e9c970d16658fc3498235804de128564c7be25afce9c3d75d14000e738a9cc8de343c339f47144f243250eb8918f4ddaef783fae1b0dae0a1d5bcb45
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dllMD5
5f98a9c985171cd6f7b709b4727f802e
SHA11a822aca0699d67e2726ba716e7bb28316493328
SHA256238a45614b67a38facf98730b2b5e316b424f79b4ad591eddb6ec52460c3265c
SHA5122e6342e689a090854a24db2d837975eccdcaf8f78a3dff568e9dde6f76b2c0b929f307498b278a1feae5eec17e60cdbc81b8f10d0379dd1c77b6a0b8da5b5370
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dllMD5
b5da8c6339ac4fe30dab6be4ca4fb8f5
SHA1fa628818d38d49527a4cdaa46b47bfd1ea18477d
SHA2566677f595565cc80ad6cc46dda9760ffb1c5d02cdd3a36cb525f5a96d8edc601c
SHA5121619ce0bcb62ddcb22fe0d5caf456a2ad84d08ffb4b42951aef18efb5e3e73458441b84fab815521c936fd94c78d474e47997ef4c9cc18aab90c77b029d0a5d7
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dllMD5
18ebc0da472b1efc4e8f6b6627cffc93
SHA120a7cf7558d8a7a5bbcc131cbaf4ba75d3f11815
SHA256624ab9c6838a88550ad5d906e86829778b5a9fce09a55a67eadcbb5806058c98
SHA512a443da09f063e6ba8711df6ac9c35aa26298356e3dcf819e7784b8641c609fa8fd5d30ec03964493790058b138534f342b65e0688b93e8fcd6d6aa772acd6f6d
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dllMD5
0884821e75b789d14faa4757a7f31880
SHA1b837e32188a5673683d02bc62e21a23647308d7f
SHA2561ebb321cbfeceb8eb13045118f09d43b94bc0172cdd185fbb3dffe58d7da10ab
SHA51242fe74d5d28c20695d2230d66e0c368059e0726f494a2ecec3e2c8aef4e4a1c570f072564c59362c347e653c46b4f15af4db11fbc9ad0d2babbf8883df032ebb
-
\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dllMD5
1c03d1935b5892738a188ba40cd5a223
SHA1b793c3918203f57468a7baa83e8d9e6e7b775545
SHA256d656c21853e185feb04c0decc52df277ed9d214e9ffa31b86ed34c682e1b5730
SHA512f9fa9def40ec3053f3a75ab2bc8e7c68c8b806be5bb80cda726ac8c08e3152c32db84a43a9e5775851bde0067d9ce9c8657a19850887171b0b206685318dbf40
-
\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dllMD5
dcb65de3ae26aa5847c13b45cd9411a3
SHA1b74417bcbe423499f36a2542f6b5c0395f347c5a
SHA2567cdedae25bcdce1f8458e7062d9dd768d5780765fcdc8aa7747f28711de65f85
SHA51267dd2ba2bef1586e97a9fe3045c7fc96701ee8c90d52beeca2c5c06a6837a28f1da83448472fb186925aff9084bdb59dab926ce81a16b2c56c732da225f4f6e3
-
\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dllMD5
dcb65de3ae26aa5847c13b45cd9411a3
SHA1b74417bcbe423499f36a2542f6b5c0395f347c5a
SHA2567cdedae25bcdce1f8458e7062d9dd768d5780765fcdc8aa7747f28711de65f85
SHA51267dd2ba2bef1586e97a9fe3045c7fc96701ee8c90d52beeca2c5c06a6837a28f1da83448472fb186925aff9084bdb59dab926ce81a16b2c56c732da225f4f6e3
-
\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dllMD5
9d499d107cec3a860cfcc2dcf69460de
SHA14ee5fe5661df25f844f7b9fe7976704a592a3d71
SHA2569fb86a0ecd3273971a8f276cbfac500bd5a1cdcab50c2f2601fd52faf19a122d
SHA5120e3d2673ee7eb408728a680cbc775f1d997276e04e3e8aa762aa7777b20329ec2b84c2d6421e0e285f41ebb9f65028cbca6b048c504fb97c3ddf6e86842fa9a4
-
\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dllMD5
4896c2fdbad50c502b0418f8547d8a49
SHA1c7b95ce8e8fa1e55b2e7410613f9eb1a95a291d9
SHA256a35781e2da58a5faba9504b1faa1c9074ff5cf7f1488220983942faf2ccec7d6
SHA5124439397f4f357f88713374c426a89632cdb61029161785fb2c8b87a9527b1f86041781c19321f055ca9210fbe41767e6787adad1fbb8372439d59b405828680e
-
\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dllMD5
0af84993d66a9d68d6d1c65707c2ef4a
SHA1848f692dd049d957d01a3386f83b7da836bf99e7
SHA2565951e8c2e0d1a7ba0b3ddb568e67809eac72d4285be1d0a982882e58f54814e4
SHA512247f3cf55926a6a10a6da1b04de41e8bb4ffd54bd908ee7057b204819f82197ef6d8c0cff55e78d662d9fbaa76f1167befe211dfc976312c78db013a500ab548
-
\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dllMD5
c4fe3f03efd3188252caa101f954ffeb
SHA198b613aee45c71aed9d2be0d61d7ace323929e9c
SHA25695bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA51280018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a
-
\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dllMD5
c4fe3f03efd3188252caa101f954ffeb
SHA198b613aee45c71aed9d2be0d61d7ace323929e9c
SHA25695bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA51280018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a
-
\Program Files\Common Files\microsoft shared\ClickToRun\msix.dllMD5
680de13431ec58094f287adcb1865d06
SHA1feb2eab60f1ab0f7add64282be9ede34219530b0
SHA25682d366c444bf6147227fae26ad3468094a230fbce84e15eb9f5cba3c7bb63ffb
SHA512884de914ddfd66f8e22918b243da512629b9fa6552bbbd0cc94ca920c4fd40859451aafeda29152cedb11a99fef845f9e106019d517bc57df6460f4fc51c6cb1
-
\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dllMD5
cd0c37f1875b704f8eb08e397381ac16
SHA1249d33c43e105a1c36ec6a24e5ef8dbc5f56b31b
SHA256d86ac158123a245b927592c80cc020fea29c8c4addc144466c4625a00ca9c77a
SHA512d60c56716399b417e1d9d7d739af13674c8572974f220a44e5e4e9ab0b0a23b8937bd0929eee9f03f20b7f74db008f70f9559a7eb66948b3afab5b96bdd1a6d5
-
\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dllMD5
cd0c37f1875b704f8eb08e397381ac16
SHA1249d33c43e105a1c36ec6a24e5ef8dbc5f56b31b
SHA256d86ac158123a245b927592c80cc020fea29c8c4addc144466c4625a00ca9c77a
SHA512d60c56716399b417e1d9d7d739af13674c8572974f220a44e5e4e9ab0b0a23b8937bd0929eee9f03f20b7f74db008f70f9559a7eb66948b3afab5b96bdd1a6d5
-
\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dllMD5
11d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dllMD5
11d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dllMD5
11d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140_1.dllMD5
7667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140_1.dllMD5
7667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140_1.dllMD5
7667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
memory/64-439-0x0000000000000000-mapping.dmp
-
memory/208-430-0x0000000000000000-mapping.dmp
-
memory/352-664-0x0000000003620000-0x0000000003621000-memory.dmpFilesize
4KB
-
memory/396-420-0x0000000000000000-mapping.dmp
-
memory/404-402-0x0000000000000000-mapping.dmp
-
memory/648-438-0x0000000000000000-mapping.dmp
-
memory/656-443-0x0000000000000000-mapping.dmp
-
memory/696-670-0x0000000005140000-0x0000000005141000-memory.dmpFilesize
4KB
-
memory/712-193-0x0000000000CE3000-0x0000000000CE4000-memory.dmpFilesize
4KB
-
memory/712-143-0x00000000082B0000-0x00000000082B1000-memory.dmpFilesize
4KB
-
memory/712-136-0x0000000000CE2000-0x0000000000CE3000-memory.dmpFilesize
4KB
-
memory/712-135-0x0000000000CE0000-0x0000000000CE1000-memory.dmpFilesize
4KB
-
memory/712-134-0x0000000007170000-0x0000000007171000-memory.dmpFilesize
4KB
-
memory/712-133-0x0000000004AF0000-0x0000000004AF1000-memory.dmpFilesize
4KB
-
memory/712-132-0x0000000000CD0000-0x0000000000CD1000-memory.dmpFilesize
4KB
-
memory/712-131-0x0000000000CD0000-0x0000000000CD1000-memory.dmpFilesize
4KB
-
memory/712-130-0x0000000000000000-mapping.dmp
-
memory/712-139-0x0000000007900000-0x0000000007901000-memory.dmpFilesize
4KB
-
memory/712-141-0x00000000079A0000-0x00000000079A1000-memory.dmpFilesize
4KB
-
memory/712-411-0x0000000000000000-mapping.dmp
-
memory/712-142-0x0000000008540000-0x0000000008541000-memory.dmpFilesize
4KB
-
memory/712-138-0x0000000007890000-0x0000000007891000-memory.dmpFilesize
4KB
-
memory/712-144-0x0000000000CD0000-0x0000000000CD1000-memory.dmpFilesize
4KB
-
memory/712-151-0x0000000009090000-0x00000000090C3000-memory.dmpFilesize
204KB
-
memory/712-158-0x0000000009070000-0x0000000009071000-memory.dmpFilesize
4KB
-
memory/712-163-0x00000000091D0000-0x00000000091D1000-memory.dmpFilesize
4KB
-
memory/712-192-0x000000007E830000-0x000000007E831000-memory.dmpFilesize
4KB
-
memory/812-436-0x0000000000000000-mapping.dmp
-
memory/916-231-0x0000000000000000-mapping.dmp
-
memory/916-244-0x0000000004420000-0x0000000004421000-memory.dmpFilesize
4KB
-
memory/916-246-0x0000000004422000-0x0000000004423000-memory.dmpFilesize
4KB
-
memory/916-278-0x000000007EED0000-0x000000007EED1000-memory.dmpFilesize
4KB
-
memory/916-333-0x0000000004423000-0x0000000004424000-memory.dmpFilesize
4KB
-
memory/1040-394-0x0000000000000000-mapping.dmp
-
memory/1092-445-0x0000000000000000-mapping.dmp
-
memory/1120-412-0x0000000000000000-mapping.dmp
-
memory/1156-399-0x0000000000000000-mapping.dmp
-
memory/1244-393-0x0000000000000000-mapping.dmp
-
memory/1280-408-0x0000000000000000-mapping.dmp
-
memory/1292-441-0x0000000000000000-mapping.dmp
-
memory/1348-423-0x0000000000000000-mapping.dmp
-
memory/1372-444-0x0000000000000000-mapping.dmp
-
memory/1480-405-0x0000000000000000-mapping.dmp
-
memory/1492-435-0x0000000000000000-mapping.dmp
-
memory/1548-425-0x0000000000000000-mapping.dmp
-
memory/1592-453-0x0000000000000000-mapping.dmp
-
memory/1772-127-0x0000000000000000-mapping.dmp
-
memory/1840-418-0x0000000000000000-mapping.dmp
-
memory/1892-398-0x0000000000000000-mapping.dmp
-
memory/1892-455-0x0000000000000000-mapping.dmp
-
memory/1944-633-0x0000000007084000-0x0000000007086000-memory.dmpFilesize
8KB
-
memory/1944-632-0x0000000007083000-0x0000000007084000-memory.dmpFilesize
4KB
-
memory/1944-631-0x0000000007081000-0x0000000007082000-memory.dmpFilesize
4KB
-
memory/1944-630-0x0000000007080000-0x0000000007081000-memory.dmpFilesize
4KB
-
memory/1944-634-0x0000000007086000-0x0000000007087000-memory.dmpFilesize
4KB
-
memory/1968-449-0x0000000000000000-mapping.dmp
-
memory/2020-415-0x0000000000000000-mapping.dmp
-
memory/2028-454-0x0000000000000000-mapping.dmp
-
memory/2028-417-0x0000000000000000-mapping.dmp
-
memory/2088-440-0x0000000000000000-mapping.dmp
-
memory/2100-334-0x0000000000000000-mapping.dmp
-
memory/2172-396-0x0000000000000000-mapping.dmp
-
memory/2176-442-0x0000000000000000-mapping.dmp
-
memory/2176-429-0x0000000000000000-mapping.dmp
-
memory/2180-426-0x0000000000000000-mapping.dmp
-
memory/2204-456-0x0000000000000000-mapping.dmp
-
memory/2220-448-0x0000000000000000-mapping.dmp
-
memory/2224-615-0x0000000002A20000-0x0000000002A22000-memory.dmpFilesize
8KB
-
memory/2240-432-0x0000000000000000-mapping.dmp
-
memory/2252-612-0x00000000028B0000-0x00000000028B2000-memory.dmpFilesize
8KB
-
memory/2312-428-0x0000000000000000-mapping.dmp
-
memory/2316-431-0x0000000000000000-mapping.dmp
-
memory/2452-422-0x0000000000000000-mapping.dmp
-
memory/2620-124-0x00000000098B0000-0x000000000995C000-memory.dmpFilesize
688KB
-
memory/2620-121-0x00000000051D0000-0x00000000051D1000-memory.dmpFilesize
4KB
-
memory/2620-115-0x0000000000860000-0x0000000000861000-memory.dmpFilesize
4KB
-
memory/2620-122-0x0000000005450000-0x0000000005451000-memory.dmpFilesize
4KB
-
memory/2620-117-0x0000000005120000-0x0000000005121000-memory.dmpFilesize
4KB
-
memory/2620-125-0x0000000009AE0000-0x0000000009AE1000-memory.dmpFilesize
4KB
-
memory/2620-118-0x0000000005750000-0x0000000005751000-memory.dmpFilesize
4KB
-
memory/2620-123-0x0000000005250000-0x000000000574E000-memory.dmpFilesize
5.0MB
-
memory/2620-119-0x00000000052F0000-0x00000000052F1000-memory.dmpFilesize
4KB
-
memory/2620-120-0x0000000005250000-0x000000000574E000-memory.dmpFilesize
5.0MB
-
memory/2620-126-0x000000000A3E0000-0x000000000A3E1000-memory.dmpFilesize
4KB
-
memory/2672-392-0x0000000000000000-mapping.dmp
-
memory/2676-616-0x0000000002660000-0x0000000002662000-memory.dmpFilesize
8KB
-
memory/2688-416-0x0000000000000000-mapping.dmp
-
memory/2984-452-0x0000000000000000-mapping.dmp
-
memory/2988-451-0x0000000000000000-mapping.dmp
-
memory/3012-424-0x0000000000000000-mapping.dmp
-
memory/3040-450-0x0000000000000000-mapping.dmp
-
memory/3076-409-0x0000000000000000-mapping.dmp
-
memory/3112-434-0x0000000000000000-mapping.dmp
-
memory/3136-427-0x0000000000000000-mapping.dmp
-
memory/3160-421-0x0000000000000000-mapping.dmp
-
memory/3296-410-0x0000000000000000-mapping.dmp
-
memory/3320-413-0x0000000000000000-mapping.dmp
-
memory/3360-419-0x0000000000000000-mapping.dmp
-
memory/3480-447-0x0000000000000000-mapping.dmp
-
memory/3492-608-0x0000000000C90000-0x0000000000C92000-memory.dmpFilesize
8KB
-
memory/3492-609-0x00007FF5FEFD0000-0x00007FF5FEFD1000-memory.dmpFilesize
4KB
-
memory/3560-414-0x0000000000000000-mapping.dmp
-
memory/3700-397-0x0000000000000000-mapping.dmp
-
memory/3712-395-0x0000000000000000-mapping.dmp
-
memory/3716-458-0x0000000000900000-0x0000000000902000-memory.dmpFilesize
8KB
-
memory/3740-437-0x0000000000000000-mapping.dmp
-
memory/3748-374-0x0000000000000000-mapping.dmp
-
memory/3864-446-0x0000000000000000-mapping.dmp
-
memory/3864-433-0x0000000000000000-mapping.dmp
-
memory/3868-650-0x0000000007216000-0x0000000007217000-memory.dmpFilesize
4KB
-
memory/3868-649-0x0000000007214000-0x0000000007216000-memory.dmpFilesize
8KB
-
memory/3868-648-0x0000000007213000-0x0000000007214000-memory.dmpFilesize
4KB
-
memory/3868-646-0x0000000007210000-0x0000000007211000-memory.dmpFilesize
4KB
-
memory/3868-647-0x0000000007211000-0x0000000007212000-memory.dmpFilesize
4KB
-
memory/3888-687-0x0000000005910000-0x0000000005911000-memory.dmpFilesize
4KB
-
memory/3936-457-0x0000000002380000-0x0000000002382000-memory.dmpFilesize
8KB