Malware Analysis Report

2025-08-05 16:43

Sample ID 240204-wxzdksfhg3
Target http://zx
Tags
adware discovery evasion persistence spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://zx was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence spyware stealer trojan

Sets file execution options in registry

Modifies Installed Components in the registry

Manipulates Digital Signatures

Downloads MZ/PE file

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Drops desktop.ini file(s)

Installs/modifies Browser Helper Object

Enumerates connected drives

Checks whether UAC is enabled

Checks installed software on the system

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Modifies registry class

Runs ping.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies system certificate store

Uses Volume Shadow Copy service COM API

Checks processor information in registry

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-04 18:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 18:18

Reported

2024-02-04 18:42

Platform

win10v2004-20231222-en

Max time kernel

1369s

Max time network

1437s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx

Signatures

Downloads MZ/PE file

Manipulates Digital Signatures

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\MESSAGE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CLEANUP\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\INITIALIZATION\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\DIAGNOSTICPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\8F2DE7E770A8B1E412C2DE131064D7A52DA62287\Blob = 0300000001000000140000008f2de7e770a8b1e412c2de131064d7a52da62287190000000100000010000000aa6fd6bd7df2864341e10de037f41dc6040000000100000010000000a7c9563a13f15ee0e171ef6aa4c7a7870f0000000100000020000000dcb8261fa22c834b1ffb69470c0cc7baff034b5c656a6c297259addfbf73f1e320000000010000002c0500003082052830820410a003020102021003e9eb4dff67d4f9a554a422d5ed86f3300d06092a864886f70d01010b05003072310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3131302f0603550403132844696769436572742053484132204173737572656420494420436f6465205369676e696e67204341301e170d3138313032343030303030305a170d3232303130353132303030305a3065310b300906035504061302444531123010060355040713095374757474676172743120301e060355040a13177068696c616e64726f20536f66747761726520476d62483120301e060355040313177068696c616e64726f20536f66747761726520476d624830820122300d06092a864886f70d01010105000382010f003082010a0282010100c670a0d7fd91b6a5a0608435029365d11e529a2d43df54680357ad83dfb4ee6cbf54d74c4bc9205fbbca3b436d0fe3370b3200d8c655e242c92b4b2a2fa6040c81e530fcc1a60d849d52886bf3e29c50b52413e2a321f756b314f3bcbc47e550ea4b6ecf895132ae6f99a947ea9ad00982b86ebce0cd6a198bc65f1cc1bb6a1638931cb630c26ca343eb7f2bb394f36cb302bec93f3828dcf165700e7a00712cc914ce5f4b6c6945f201d769ca2fffe1268b6cf57965bd8d5c4177a2d176f32c9c9e60a7a96c3f775e64b84734394983790f56701d1b8f9614028ca180e7d03ffafa30bb51149059ae4d93d8b696c1160319e9945a760a640dd6bd134ce6db270203010001a38201c5308201c1301f0603551d230418301680145ac4b97b2a0aa3a5ea7103c060f92df665750e58301d0603551d0e0416041437566615f0b266ff2f5295d1ae83c4e065330e43300e0603551d0f0101ff04040302078030130603551d25040c300a06082b0601050507030330770603551d1f0470306e3035a033a031862f687474703a2f2f63726c332e64696769636572742e636f6d2f736861322d617373757265642d63732d67312e63726c3035a033a031862f687474703a2f2f63726c342e64696769636572742e636f6d2f736861322d617373757265642d63732d67312e63726c304c0603551d2004453043303706096086480186fd6c0301302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533008060667810c01040130818406082b0601050507010104783076302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304e06082b060105050730028642687474703a2f2f636163657274732e64696769636572742e636f6d2f446967694365727453484132417373757265644944436f64655369676e696e6743412e637274300c0603551d130101ff04023000300d06092a864886f70d01010b0500038201010081f8e7b945d68610bab4057f23259843f454fd9c7aac4180dec936794e4a664dda255b30644288538121e30a69d4447dbc04c2da21e44f5c4ba41e706c9de0cb51c67931e31207ba3ac11791f9e551deb1aa3feee2a6e199a4d10b0cd71c05143f4466d6c84747d9bc3127e47102d90a2487440ea1b9a8e7317ddeeee3a0f42c296bf03314fa6e86f3743b9a4a6e756a54e67b0513c343e9e9f7c730af9f00acb32a27f707d3d04f22d58cbbb588c2fc72d5a37c4acaaab650c9533e96aa7a0bf53a60d86fb6ee8c982ec49b49130956b064d62e010da8a75e786a4445cff7b506eac4a40ab672d91dd23a272c7e28fb670cb502ff0f5572d88d8706580c5caf C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\SIGNATURE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTIFICATE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTCHECK\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\FINALPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6EADE66-0000-0000-484E-7E8A45000000} C:\Windows\syswow64\MsiExec.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MalinovkaInstaller.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Games\Malinovka\malinovka.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\MalinovkaInstaller.exe N/A
N/A N/A C:\Games\Malinovka\malinovka.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZoomInstallerFull.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\Downloads\PDFixers.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe N/A
N/A N/A C:\Windows\Temp\ose00000.exe N/A
N/A N/A C:\Windows\Installer\MSIA61.tmp N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zA3DD5EC0\Uninst.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\default-browser-agent.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\CptInstall.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\MalinovkaInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\MalinovkaInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\MalinovkaInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\MalinovkaInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00024500-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{490D6966-005D-36A5-B7EF-521A24207E7E}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1E886174-DC88-4B83-8BC5-66409EC75F16}\LocalServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{59191DA1-EA47-11CE-A51F-00AA0061507F}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02373-B5BC-11CF-810F-00A0C9030074}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F2-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{64654B35-A024-4807-89D3-C6FDB5A260C7}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E73304-E1D6-4330-914C-F5F514E3486C}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\7zA3DD5EC0\Uninst.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E185-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA936B63-AC8B-11D1-B6E5-00A0C90F2744}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02373-B5BC-11CF-810F-00A0C9030074}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493448-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020800-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99E0D1EC-0A0D-4E50-B8A1-82A8B6ECE5CB}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E170-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493446-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7DFFDF1-BD1F-450A-B98D-96B6D30BA4C1}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{760681E7-B985-41CE-BCBE-2985A1DFC61C}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02375-B5BC-11CF-810F-00A0C9030074}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7FAC39E-7FF1-49AA-98CF-A1DDD316337E}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F5-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020812-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475F}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3DA-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-journal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\AnyDeskPrintDriver-manifest.ini C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver-manifest.ini C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\anydeskprintdriver.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5AE0.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5AE1.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\AnyDeskPrintDriver.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5AE2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5ACD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shm C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5AE1.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.gpd C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5ADF.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-wal C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\AnyDeskPrintDriverRenderFilter.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5ACE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\anydeskprintdriver.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File created C:\Windows\SysWOW64\Elevation.tmp C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5ACD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log \??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5ACE.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5ADF.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5AE2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\AnyDeskPrintDriver.gpd C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\SET5AE0.tmp C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Mozilla Firefox\nsmB098.tmp\updater.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dummy.aff C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\plugin.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\css\main.css C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\selector.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nl-nl\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_wob.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_radio_unselected_18.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\main-selector.css C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\selector.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\text_2x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-cn\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\download-btn.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\selector.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\protect_poster.jpg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\appstore.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview_selected-hover.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\js\plugin.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\da-dk\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main-selector.css C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\uninstall.log C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\bg_patterns_header.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\root\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Program Files\Mozilla Firefox\nsmB098.tmp\pingsender.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File created C:\Program Files\Mozilla Firefox\nsmB098.tmp\nssckbi.dll C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-hover_32.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_24.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-press.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\plugin.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\cs-cz\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Info2x.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_psd.svg C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress-indeterminate.gif C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-up.png C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\ui-strings.js C:\Windows\syswow64\MsiExec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\UKRAINE.TXT C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\System32\Conhost.exe N/A
File opened for modification C:\Windows\Installer\MSI9C2.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\adobearmhelper.exe.BDCA7721_F290_4124_BBED_7A15FE7694EB C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\ZQUHWPII5T\Policy.14.0.Office.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\temp\JOTVNUT55B\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\System32\Conhost.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\MakeAccessible.api_NON_OPT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1B8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\rdrservicesupdater.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobeLinguistic.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ROMANIAN.TXT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\H5FIQOW824\Policy.11.0.Microsoft.Vbe.Interop.config C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE01.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\assembly\pubpol40.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\NOMGO84WMJ\Microsoft.Office.Tools.Common.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\APIFile_8.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Checkers.api C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\temp\3RHB151D96\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x86 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1252.TXT1 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\KMY0QY93EJ\Policy.12.0.Microsoft.Office.Interop.SmartTag.config C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Accessibility.api_NON_OPT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\pubpol31.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Multimedia.api_NON_OPT C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\QRCode.pmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1E33.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\YY8EJV7BAO\Policy.14.0.Microsoft.Office.Interop.PowerPoint.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\System32\Conhost.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat C:\Windows\System32\Conhost.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\assembly\temp\FI07U7OA9D\Microsoft.Vbe.Interop.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\NI1SQC1OR6\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\J478VZTNN7\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\54JA5MLRVS\Policy.14.0.Microsoft.Office.Interop.Access.Dao.config C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\YY8EJV7BAO\Policy.14.0.Microsoft.Office.Interop.PowerPoint.config C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\pubpol33.dat C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b201ae15c8733f580000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b201ae150000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b201ae15000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db201ae15000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b201ae1500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ZOOMMTG C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4} C:\Windows\syswow64\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ZOOMUS C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0 = 4d736f3a3a436865636b73756d52656769737472793a3a446174617c75696e7436345f747c383730333734363337363638303535323239353b456373436f6e666967526573706f6e7365446174617c7b202256657222203a2022696e7433325f747c30222c2022436f6e6649647322203a20227374643a3a77737472696e677c502d522d313039383135382d312d352c502d522d37363735372d312d322c502d522d35343930332d312d332c502d522d32363134362d372d31372c502d442d32393633352d312d312c502d442d32373038372d312d392c502d522d37393638382d312d332c502d522d35333533322d312d352c502d522d35313433362d312d362c502d522d35313432372d31382d31322c502d522d34303436342d31382d392c502d582d39383531382d362d392c502d522d33383339302d31382d32312c626c6f636b6564677261706869637361646170746572353a3437353839392c502d522d33353039392d322d342c502d522d36313430382d31382d332c502d522d35353734362d322d352c502d522d35333531322d312d342c502d522d34363937342d31382d31382c502d522d33383935332d312d31312c502d522d33363535312d31382d31382c502d522d37313431342d312d362c502d522d34303235332d362d31392c502d522d34303235342d362d31382c502d522d33353430312d362d372c502d522d33323130372d32322d32322c502d522d33393134362d31342d31352c502d522d33393134372d31342d32302c502d522d32383534362d362d31312c502d522d32383136352d362d32382c502d522d32343938302d382d34382c502d522d32343339302d352d31322c502d522d31383237392d322d36352c502d442d33343230302d342d352c502d522d35313134352d322d372c502d522d32393932382d322d32302c502d522d36373933322d312d342c502d522d36373230312d312d342c502d522d36343534352d312d342c502d522d36343033352d312d342c502d522d35333531352d31382d392c502d522d35333238302d312d362c502d522d35323234372d312d352c502d522d35313935382d312d352c502d522d35313834322d312d352c502d522d35313237372d322d362c502d522d34373435312d31382d32302c502d522d34353931392d31382d31392c502d522d34353038352d31382d31322c502d522d34313434322d31382d31382c502d522d33383038352d31322d392c502d522d31383734342d362d32322c502d442d33343233392d312d362c502d522d313033343136392d31302d372c502d582d313135373230322d322d332c502d452d32383637372d43312d332c502d522d313135373230382d342d352c502d522d35353132322d382d382c502d522d35303235352d31302d392c502d522d34343930372d312d392c502d522d34353331342d31302d31362c502d522d34343936352d43312d362c64683568303436393a3439363034392c502d452d33383233312d43312d342c502d522d39343536302d31342d31322c502d522d39343138392d31342d31332c502d522d39333838322d31342d32362c502d522d35343732382d31362d32332c502d522d35343639382d31362d31362c502d522d35343635382d31382d31392c502d522d33383330362d31382d332c502d522d33353731372d352d33302c502d522d33343031392d342d332c502d582d35333834352d312d392c502d582d35333737322d312d332c502d582d35313739302d312d332c502d452d34323730302d43312d342c502d522d313032353233322d32342d392c502d522d37313335382d312d342c502d522d37303934312d312d342c502d522d36393036352d312d332c502d522d36373136302d312d372c502d522d35393738312d312d342c502d522d35353633312d312d342c502d522d35343231352d312d342c502d522d35333735312d312d342c502d522d35333735322d312d342c502d522d35333532362d312d342c502d522d35323131302d312d342c502d522d34393736352d31352d33322c502d522d34383831382d31372d32352c502d522d35303637392d312d342c502d522d35303438362d31382d31322c502d522d34343833302d31382d31332c502d522d34393431362d342d31342c502d522d34383435372d322d362c502d522d34373937342d31362d31382c502d522d34363534342d31382d31312c502d522d34353630392d31342d362c502d522d34353139372d322d362c502d522d34343034362d31382d31312c502d522d34343031352d31382d32302c502d522d34333732332d322d362c502d522d34313734322d31382d33322c502d522d34303938302d31382d31362c502d522d34303335392d322d31302c502d522d33393032392d352d31382c502d522d33383833352d31382d34382c502d522d33373637362d31382d34362c502d522d33363331302d342d352c502d522d33353934352d31302d352c502d522d33353134332d342d342c502d522d33333535332d342d362c502d522d33333533362d31322d31332c502d522d32393830392d312d372c502d522d32363936382d332d392c66697365723139303a3337373730342c686170707930333137323032302d313a36313937372c686170707930323036323032302d303a32383432382c502d522d35333534352d342d352c502d522d35303731312d31382d31312c502d522d34393733362d362d32322c502d522d34383436372d31382d31382c502d522d33323130362d372d33332c502d522d33303038352d312d392c502d522d32393133382d33382d38332c502d522d32393331352d33362d36392c502d522d32353030392d312d382c502d522d32343336332d312d31332c502d522d32313633312d31302d36342c502d522d31393839382d312d32322c502d522d31393831342d312d36322c502d522d31393031322d312d35372c502d582d313031353535342d312d352c502d582d35303232302d312d332c502d582d34393733302d312d332c502d522d36393334372d312d352c502d522d36343537342d312d342c502d522d35343131362d312d342c502d522d35333538352d31382d31382c502d522d35323539342d31382d352c502d522d35323338362d312d342c502d522d35303938302d322d342c502d522d35303933382d312d342c502d522d35303135322d31382d32302c502d522d34393137352d31382d32322c502d522d34373236302d31382d32332c502d522d34343135362d31382d32362c502d522d34333238342d31382d31392c502d522d34333238352d31322d32322c502d522d34323438322d312d342c502d522d34303939302d31322d31352c502d522d33393333332d31382d32382c502d522d33353433392d31322d32312c502d522d33333231352d31382d31392c502d522d33313335322d31322d32352c502d442d33343236392d322d352c6772736b693435353a3232373433362c67727573653438383a31393737322c677269636f3430363a31393737372c502d522d34393833302d31382d31352c502d522d34303538362d31382d32372c502d522d33323939362d31382d32342c502d442d34303331362d392d352c502d522d35303432392d31382d382c502d522d36353239352d31382d33302c502d522d36313836312d312d342c502d522d36313733372d312d342c502d522d35313737372d31382d382c502d522d35303932302d312d362c502d522d35303336362d31382d31392c502d522d33353938352d31342d32332c502d522d33353839312d31382d352c502d522d33323030342d322d352c502d522d36383333362d322d342c502d522d36373238362d322d362c502d522d35313531332d322d342c502d522d37393936332d312d322c502d522d35323034332d312d332c502d522d35313736342d312d342c502d522d34393338382d322d362c502d522d34383333352d342d31362c502d522d34373330382d332d392c502d522d34323339322d322d342c502d522d33393037332d312d352c502d522d313132333337362d31302d382c502d522d313030393835352d31322d31342c502d522d39383835362d31382d34382c502d522d33383431302d31382d32322c502d582d313031393538312d312d332c502d582d313030363137342d312d352c502d522d36363433362d312d342c502d522d36323837332d312d342c502d522d35313039372d312d352c502d522d35303730362d31382d372c502d522d35303035352d31382d372c502d522d34393331352d31382d352c502d522d34323636302d31382d33352c502d522d33363634392d382d392c6f656d69633633393a3339373735332c6f65616c6c3834333a3337353838372c502d522d34323337392d322d332c502d522d34323337382d322d332c502d522d36363533392d312d342c502d522d36363533382d312d342c502d522d36353237382d312d342c502d522d36353237392d312d342c502d522d35393138302d312d342c502d522d34383037302d312d352c502d522d34373338362d312d342c502d522d35353334322d322d322c502d522d35333337372d322d362c502d522d35323438312d322d352c502d522d34393735392d322d382c502d522d34363130302d32302d392c502d522d33383531302d322d31302c502d522d33373535302d32302d31332c502d522d33323138362d32382d32392c502d522d35383133352d322d342c502d522d35363631382d312d332c502d522d35363032372d312d342c502d522d36313731382d31382d332c502d522d34363134352d31382d31382c502d522d33333839322d312d382c502d522d33333639362d312d352c502d522d35353734392d312d342c502d522d35333636322d312d342c502d522d35323234362d312d342c502d522d35323234352d312d342c502d522d35323233382d312d352c502d522d34333634342d362d31332c502d522d33393931322d312d322c502d522d33393238332d342d31302c502d522d35303338302d31382d31382c502d522d35303337392d31382d31372c502d522d36383134362d312d352c502d522d36333430392d312d352c502d522d35303534322d31382d31342c502d522d35303530302d31382d31362c502d522d34383336352d31382d32342c502d522d34383136312d31382d33322c502d522d34363539372d312d342c502d522d33333733372d312d342c502d452d32393636322d322d332c502d522d32393330332d322d32302c502d522d35363635342d322d342c502d522d35333235362d322d31312c502d522d35313730332d312d352c502d522d35303133332d322d392c502d522d34373234322d31382d31312c502d522d34363431302d312d352c502d522d34353535302d31382d34362c502d522d34353439302d31362d392c502d522d34343838352d31382d32302c502d522d34323531322d312d332c502d522d34303136392d382d31332c502d522d33393730302d322d372c502d522d33373331332d31382d32322c502d522d33363636342d342d342c502d522d33353437362d322d352c502d522d33353430372d342d332c502d522d33353233372d31342d31312c502d522d33353135302d322d342c502d522d33353132392d322d342c502d522d33353035362d342d352c502d522d33343838392d382d342c502d522d33343034342d322d342c502d522d33333731382d362d352c502d522d33333435392d312d352c502d522d33333138382d31382d31342c502d522d33303239322d342d372c502d522d32383634342d312d342c502d522d32343033372d312d372c502d522d32333434352d332d372c502d522d32333433342d332d372c502d522d32333430332d332d382c502d522d31383531332d312d33302c502d442d33343639392d342d342c502d442d33343639372d322d342c502d442d33343637352d312d342c502d442d33343637332d312d342c502d442d33343635342d312d342c502d442d33343538372d332d352c502d442d33343236362d312d342c502d442d33343236322d312d352c502d442d33343236302d312d352c502d442d33343235382d322d352c502d442d33323436352d312d352c502d442d33323435392d322d342c502d442d33323435382d352d342c502d582d313038333432372d322d352c502d522d36393532392d312d352c502d522d36353031312d312d332c502d522d35333632322d31382d342c502d522d35303534312d322d372c502d522d34393839332d32322d392c502d522d33363933322d322d31332c6a683861623434373a3338303633332c502d522d36393233322d31382d31332c502d522d32333638312d322d372c502d442d33323530322d322d332c502d442d33323530312d322d332c502d442d33323431352d322d332c502d522d36343531332d31382d31312c502d522d35313931362d38342d33312c502d522d313137353739332d312d332c502d522d313135373537302d312d332c502d522d313133323832312d322d342c502d522d313132393233342d312d332c502d522d313131393031332d312d332c502d522d313039383739362d312d332c502d522d313039343434352d312d332c502d522d313038303431322d312d332c502d522d313036393736392d322d342c502d522d313036383131352d312d332c502d522d313034353131382d322d342c502d522d32353236392d31342d32312c502d522d313034343430382d312d332c502d522d313034343134312d372d392c502d522d313033373838372d312d332c502d522d313033373837392d312d332c502d522d313033363239332d312d332c502d522d313033363239322d312d332c502d522d313033363238392d322d342c502d522d313033363238382d312d332c502d522d313033363036382d322d342c502d522d313033353933332d322d342c502d522d313033353134392d322d342c502d522d313033333831372d312d332c502d522d313032383136382d312d332c502d522d313030393731372d332d352c502d522d313030303036312d322d342c502d522d3131373534382d322d342c502d522d3131313638322d312d332c502d522d3130353733312d33362d33382c502d522d3130343433352d31332d31352c502d522d3130303239342d312d332c502d522d39393633332d312d332c502d522d39383932392d322d342c502d522d39383235302d312d332c502d522d39343239392d312d332c502d522d39333037372d312d332c502d522d38363131382d312d332c502d522d38303531372d362d382c502d522d37383131322d342d362c502d522d37373134302d322d342c502d522d37363931382d322d342c502d522d37363732312d312d332c502d522d37353434302d322d342c502d522d37333637362d312d332c502d522d37323434392d372d31302c502d522d37323033302d342d362c502d522d36383036392d322d342c502d522d36363937352d312d332c502d522d36353536372d312d332c502d522d36323231322d322d342c502d522d36303630322d332d352c502d522d35323633332d312d332c502d522d35323137312d322d342c502d522d35323031312d322d342c502d522d35313932312d382d31302c502d522d35313235382d382d31302c502d522d35303735322d322d342c502d522d35303638312d322d342c502d522d35303539392d342d362c502d522d35303539362d342d382c502d522d35303535332d312d332c502d522d34393539372d332d352c502d522d34393435382d322d342c502d522d34383533302d372d392c502d522d34373934382d312d342c502d522d34363538302d332d352c502d522d34363438342d31302d31322c502d522d34363132322d312d332c502d522d34353835382d322d342c502d522d34333936362d322d342c502d522d34333530322d31392d32312c502d522d33383234382d31382d32322c502d522d34313433302d312d332c502d522d34303735312d382d31302c502d522d34303237332d342d362c502d522d33393233382d352d372c502d522d33383638322d332d352c502d522d33373538382d322d342c502d522d33343335352d382d31302c502d522d32363236362d342d392c502d522d32363833342d332d382c502d522d32343636322d31362d32322c502d522d32373437392d362d31312c502d522d32363035362d372d31352c502d522d32373030362d372d31322c502d522d33303333382d332d372c502d522d33303137382d37392d38312c502d522d33303035332d382d31302c502d522d32373435382d312d352c502d522d32353832322d31362d31392c502d522d32353038332d362d392c502d522d32343639302d34312d34352c502d522d32343638392d322d352c502d522d32343636362d322d352c502d522d32343636332d362d31312c502d522d32343635392d372d31302c502d522d32333734342d372d392c502d522d32333733392d372d392c502d522d32333733362d31342d31372c502d522d32333733342d372d392c502d522d32333733302d32312d32342c502d522d32333732332d31302d31322c502d442d33323538382d312d332c502d442d33323533342d312d332c502d442d33323532342d312d332c502d442d33323531382d312d332c502d442d33323531322d312d332c502d442d33323530392d312d332c502d442d33323438352d312d342c502d442d33323438342d312d342c502d442d33323430352d312d332c502d522d313038373134312d342d372c502d522d34393136302d31322d31322c502d522d34373630312d31382d31332c502d522d34363833342d31322d31342c502d522d34363230322d31382d31312c502d522d34343031382d31382d31332c502d522d34333335352d31382d31322c502d522d33353333372d31362d372c502d522d33333931362d312d352c502d522d33333538302d382d392c502d582d3131373430302d312d332c502d522d35393137352d31382d342c502d522d35333239322d31342d31302c502d522d34393133302d31382d32332c502d522d34363931332d31382d382c502d522d33373434392d31382d31352c75786d656469756d69636f6e6c756d696e616e63653a3335333435352c502d522d34383534392d31382d31312c502d522d31393236322d312d31322c502d452d34343737342d322d392c502d522d34343836392d31362d31362c502d522d33333931382d312d31312c502d522d313132383633302d312d372c502d522d313039383431322d312d352c502d522d313039313236372d312d33392c502d522d38313732302d312d322c502d522d35383430362d312d352c502d442d35303639372d322d342c502d442d32393731392d312d312c502d442d32393731382d312d312c502d442d32393539332d312d36222c2022434322203a20227374643a3a77737472696e677c4742222c2022446566436f6e667322203a20227374643a3a77737472696e677c6f6673683663326231746c61316133312c6f666372756934797664756c626633312c6f6668706578336a7a6e65706f6f3331222c202245787054696d6522203a2022696e7436345f747c31373037313135313038222c20224554616722203a20227374643a3a77737472696e677c5c22766d6574346a792f676131614d2f6656614154306a4d7259534654664f6967764d4553557a334e68342f553d5c22222c202246434d617022203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4669785468656d654368616e676551727952657061696e74222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4c696e6b65 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.2 = 742e4f66666963652e46696c65494f2e4872446f776e6c6f616454656d704173796e634c4d54222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e496e637265617365644279746573427566666572657257696e646f7753697a65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e496e6372656d656e74616c4f70656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4973496e74656c6c6967656e745361766550726f6d7074537572766579456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e49734f70656e4572726f724469616c6f6741626c65546f42654f76657272696464656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4c6f636174696f6e5069636b65725468726565446f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4e65766572466f726365486f73744d6f6465496e436f6c6c61625265636f6e63696c6174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4f63735072656665746368496e7465726e616c436f6f7264696e6174696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4f637369576f726b696e67436f7079577269746546696c654d61785265747279436f756e74222c20225622203a2022696e7433325f747c3522207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4f637369576f726b696e67436f7079577269746546696c655265747279496e74657276616c496e4d696c6c697365636f6e6473222c20225622203a2022696e7433325f747c31303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5265667265736855706f6e526573746f726174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536572766572496e666f4d736f446176436865636b456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53686f756c645265717565737451756572794578706563746564416363657373222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536b6970556e636f6d70617261626c65446f776e6c6f61645265766973696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536b6970576563496e6974447572696e674f70656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53747269637453746f726167654c6966656379636c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e537472697056657273696f6e494446726f6d55726c4265666f726553656e64696e67546f437369222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5472696767657253796e63496e7369646548616e646c6542617365446f776e6c6f61644572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e556e7365745265736f757263654964496646696c655761734e6f745361766564546f536572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5573654361636865644e6574776f726b436f6e6e656374696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5573655265666163746f72656453796e634368616e6e656c496e486f73745265766973696f6e7355706461746572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e557365586d6c48747470436f6d706f6e656e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e56616c69646174654d617050617468734c697465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e44656661756c744368616e6e656c436f6f6c646f776e2e42616e6e6572222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c6543616d706169676e436c69656e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c654d6f6465726e466c6f7757697468546965726564476f7665726e616e6365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c654d756c74694c61756e636853757276657943616d706169676e73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c6554656c656d657472794576656e745472616e736475636572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e496e7369646572546f6173744c61756e63686572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e4d617843616d706169676e73506572417070222c20225622203a2022696e7433325f747c323522207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e4d6178446961676e6f73746963436f6c6c656374696f6e73506572417070222c20225622203a2022696e7433325f747c323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e4e6f746669636174696f6e4c61756e63686572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e50726976616379436865636b466f724e6f6e436f6e74726f6c6c657253657276696365466f72537572766579222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e526f616d696e67426173656443616d706169676e537461746573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e526f616d696e674261736564476f7665726e65644368616e6e656c537461746573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e526f616d696e67426173656453757276657941637469766174696f6e5374617473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e53757276657973456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e41766f6964556e6e656365737361727944657669636552656372656174654f6e446973706c61794368616e6765222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e436865636b507265666572436d644c697374466f7243616c6c436d64546f7373556e646f222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e456e73757265496e6b5374796c65496e69745769746853757266616365222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e4669784465766963655265456e756d65726174696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e52756e4d6f646966794465736372697074696f6e436f6d6d616e6441734d6f6465726e496e457863656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e5365745465787446696c6c546f426c61636b466f7253656c6563746564486967686c69676874222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e5365745465787446696c6c546f426c61636b466f7253656c6563746564486967686c6967687432222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e5573655368617265644458474941646170746572456e756d65726174696f6e4c6f676963466f7253746172747570222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e436f6d6d616e64732e456e61626c6553657450696374757265417370656374526174696f436d64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e436f6d6d616e64732e456e61626c655365745461626c655374796c65436d64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e456e61626c654368616e676550696374757265436f6d6d616e64466f72426c697046696c6c73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e456e61626c655356474c696e65416e6446696c6c436f6d6d616e6473466f72536861706573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e47657443616c6c537461636b466f7246576964656e222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e49636f46696c746572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e496e6b2e44656c657465416c6c496e6b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d617833444d6174657269616c5465787475726553697a65222c20225622203a2022696e7433325f747c3430393622207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d6f64656c33444f6e6c696e652e426c6f636b6564436f756e7472696573222c20225622203a20227374643a3a77737472696e677c61663b647a3b62683b636e3b63753b65673b69643b69723b69713b6a6f3b6b773b6c623b6c793b6d723b6d613b6b703b6f6d3b71613b73613b73643b73793b746e3b74723b61653b796522207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d6f64656c33444f6e6c696e652e426c6f636b65644c616e677561676573222c20225622203a20227374643a3a77737472696e677c74722d74723b7a682d636e3b61722d73613b69642d696422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d756c74695363656e654465707265636174696f6e732e476574554957696e646f7746726f6d55736572496e74657266616365222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e526574727943726561746544324431466163746f72794f6e44656c61794c6f61644661696c7572654d617852657472696573222c20225622203a2022696e7433325f747c323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e536b69704661696c656446436f70794f50544573496e46436f7079222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e536e61704c696e655769647468496e50656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e53746172744174506172656e7454696d65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e537570706f727454657874496e535647546f5368617065436f6e76657273696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e557365417263546578747572654265666f7265443244222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e5573654c6973744e6f6465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e5573654c6f676963616c445049466f72566563746f72496d6167655265736f75726365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e557365536d617274496e6b416e616c797a6572466f72496e6b456469746f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e466f726365456e67696e6553657475704f6e4247546872656164222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e4f7074696d697a65526f616d696e6753657474696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e547275737442617244656c6179466f726d6174222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e556e666f726d6174746564427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e48656c702e496e636c756465436f6d6d616e6454797065222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e4144414c5468726f74746c696e67456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e41766f696453656e64696e675368617265506f696e7448656164657273546f5075626c6963456e64706f696e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e4368616e6765476174652e4f6e6c7950657273697374536368656d65466f7253657276657255726c73222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e456e61626c6557616d54656c656d65747279426c6f62222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e456e7375726550726f66696c65466f725072696d6172794964656e746974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e49676e6f726544697361626c654144414c61746f7057414d4f76657272696465466f725075726557414d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e53706f41757468436f6e74657874456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e5573654964656e7469747943726564656e7469616c734661696c757265496e666f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e55736553706f436f6f6b696546726f6d53616d6554656e616e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72436f6e7375 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceId = "0018800C7E4EC303" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.11 = 224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246756c6c56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f706572746965735c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f6b656e697a654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224272616e64696e675c22203a207b205c224576656e74735c22203a207b205c2247657441707056616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f6475637456616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253686f756c645573654d6963726f736f66743336354272616e64696e675c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2254656e616e745c22203a207b205c224576656e74735c22203a207b205c22496e697454656e616e7449645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224e756c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22466574636865725c22203a207b205c224576656e74735c22203a207b205c224765744e756c4f626a656374466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684d6f64656c46726f6d4f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744c6963656e73654665617475726573466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552657175657374426f64795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f64656c5c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574416c6c4c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225061727365526177526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e46656174757265526573756c74735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224d6f64655c22203a207b205c224576656e74735c22203a207b205c224765744d6f64655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224170695c22203a207b205c224576656e74735c22203a207b205c22437265617465526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656365697665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2247657453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574556e766572696669656453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656e616d6546696c65546f55736555706461746564486173685c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c696461746f725c22203a207b205c224576656e74735c22203a207b205c224d61746368696e67486172776172656449645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22466c6f77735c22203a207b205c224576656e74735c22203a207b205c22536561726368466f72534341546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4d6f786965222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74466c61675c22203a203438383936207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f6666696365222c20225622203a20227374643a3a77737472696e677c7b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224e61747572616c4c616e67756167655c22203a207b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224372697469717565735c22203a207b205c224c6f636b65645c22203a2066616c73652c205c224576656e74735c22203a207b205c2250726f636573734175676c6f6f704372697469717565735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f636573734175676c6f6f7041646443726974697175655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f75746c6f6f6b222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224465736b746f705c22203a207b205c225375624e616d657370616365735c22203a207b205c2253796e635c22203a207b205c224576656e74735c22203a207b205c2253796e6350757267654f66666c696e654974656d735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2256696577735c22203a207b205c224576656e74735c22203a207b205c224872566965774c6f6164436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22566965774d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e506572736f6e616c697a6174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2246696c65496e736967687443616368654d616e616765725c22203a207b205c224576656e74735c22203a207b205c2250757267654578706972656443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225369676e616c50726f636573736f725c22203a207b205c224576656e74735c22203a207b205c2253656e645369676e616c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e50726f6772616d6d6162696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c656d657472795c22203a207b205c224576656e74735c22203a207b205c22446e61416464496e4c6f6164586c6c46696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f616445787465726e616c446c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f6164446e6146696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e43726173685c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416464696e735c22203a207b205c224576656e74735c22203a207b205c22417070416464496e4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070416464496e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e446f634c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7465726e616c536574436f6e6e6563745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5365637572697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436c705c22203a207b205c224576656e74735c22203a207b205c2246657463684c6162656c7346726f6d5365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657444656661756c744c6162656c49445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744c6162656c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744f7574636f6d6573466f724c6162656c4368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6162656c696e67457870657269656e63655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224164644c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f76654c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6163726f5c22203a207b205c224576656e74735c22203a207b205c22426c6f636b4d6163726f46726f6d496e7465726e6574506f6c69637953657474696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e636f756e74657265645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e61626c65645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2246696c65426c6f636b5c22203a207b205c224576656e74735c22203a207b205c2246696c65426c6f636b496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224f43585c22203a207b205c224576656e74735c22203a207b205c2254727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e6f6e54727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22416363657373456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22426c6f636b6564657874656e73696f6e735c22203a207b205c224576656e74735c22203a207b205c2246696c65457874656e73696f6e4c69737446726f6d536572766963655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22536563757265526561646572486f73745c22203a207b205c224576656e74735c22203a207b205c224f70656e496e4f53525c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54617267657465644d6573736167696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224275736261725468656d6553656c656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c656d65747279222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436c69656e7453616d706c696e674f76657272696464656e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253797374656d4865616c74684d657461646174614e6574776f726b436f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224576656e7451756172616e74696e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164586d6c52756c65735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737349646c6551756575654a6f625c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22466c7573684576656e744275666665725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2254656c656d6574727953656e74696e656c56616c75655c22203a207b205c224576656e74466c61675c22203a2030207d207d2c205c224c6f636b65645c22203a2066616c7365207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c6c4d65222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c6c4d655741435c22203a207b205c224576656e74735c22203a207b205c225175657279526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54657874222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225265736f75726365436c69656e745c22203a207b205c224576656e74735c22203a207b205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656164466f6e74456c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250757267654d756c7469706c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561645265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257726974655265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22474449417373697374616e745c22203a207b205c224576656e74735c22203a207b205c225265676973746572436c6f7564466f6e7443616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c6543616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22466f6e744d616e6167657244657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464436c6f7564466f6e745265736f757263655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22466f6e74537562737469747574696f6e5c22203a207b205c224576656e74735c22203a207b205c22436f6c6c656374466f6e74537562737469747574696f6e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5472616e736c61746f72222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22416c7465726e6174655472616e736c6174696f6e735265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6e7465787475616c53756767657374696f6e734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745465787453656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c61746564466565646261636b547269676765725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e43616e63656c6c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e53756767657374696f6e436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676541646465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676552656d6f7665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6963726f666565646261636b566f746553656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6f786d6c5472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e6773436c6f7365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e67734f70656e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546172 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.7 = 6c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e6447657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e644765744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065724765744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e645365744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065725365744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e644765745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065724765745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e645365745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065725365745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572436865636b5065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657453686172696e67496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572426567696e5365745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657453686172696e6756657273696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f6465726e4261636b73746167655c22203a207b205c224576656e74735c22203a207b205c224261636b737461676550616765436f6e74726f6c55736572437265617465436f6e74726f6c557365725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f704261636b73746167654e617669676174696f6e5c22203a207b205c224576656e74735c22203a207b205c224e617669676174696f6e5461736b496e766f6b655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b496e766f6b654f6e52656164466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f7053686172696e675c22203a207b205c224576656e74735c22203a207b205c22436f6c6c616250616e6555736572536574436f6c6c616250616e654d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c616250616e6555736572436c69636b53686172696e674c696e6b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c616250616e6555736572497343757272656e74446f63456e746572707269736550726f7465637465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e7473536861726564576974684d655c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e7473536861726564576974684d6552657175657374446f63756d656e7473536861726564576974684d654173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7473536861726564576974684d6552657175657374436163686564446f63756d656e7473536861726564576974684d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7473536861726564576974684d654964656e74697479436163686552657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7473536861726564576974684d6552657175657374436163686564446f63756d656e7473466f724661696c757265735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486973746f727955585c22203a207b205c224576656e74735c22203a207b205c224163746976697479506167654d616e6167657252656769737465725669736962696c697479436f6e74726f6c6c65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224275734261724f70656e4c6f63616c56657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434163746976697469657341676772656761746f72496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434163746976697469657341676772656761746f7252657475726e4572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243437369446f63756d656e74537461746545787465726e616c556e7265676973746572446f63756d656e744c697374656e65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243486973746f727941637469766974696573466163746f727952656672657368416674657252656e616d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f62616c744163746976697469657346696c6556657273696f6e4c697374557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243536f61704461746150726f7669646572496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765436f707956657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765436f707956657273696f6e496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f7279506167654372656174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765526573746f726556657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f72795061676553656c65637456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616e654e6f6e436c69636b61626c654974656d53656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f63616c41637469766974696573426567696e526566726573685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6666696365436f6c6c61624163746976697479436f6d6d616e644d534f446f63756d656e7450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e74436865636b4f757446696c65546f4c6f63616c466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f67676c65486964655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f67676c6553686f775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225759574143616c6c6f757453686f7743616c6c6f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e416374697669747943616c6c6f757450726573656e7443616c6c6f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e41637469766974794765744c6173745669657754696d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e416374697669747946696e6443757272656e74557365724c6f67696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e416374697669747943616c6c6f7574436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253686f77536d616c6c53637265656e435759574143616c6c6f75745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d7275416461707465725c22203a207b205c224576656e74735c22203a207b205c224872416464446f63756d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c6163655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464446f63756d656e74576974684f7074696f6e7357697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c616365576974684f7074696f6e7357697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464446f63756d656e745061746857697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c6163655061746857697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464446f63756d656e74496e6465785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c616365496e6465785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22487252656d6f7665506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464576974684f7074696f6e7357697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22417070446f63735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745c22203a207b205c225375624e616d657370616365735c22203a207b205c2241637469766174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6173744f70656e6564446f63756d656e744d657461646174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f6465726e446f6354656d706c617465536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225361766550726f6d707448656c7065725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e74436861745c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572436f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572436f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572446973636f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572446973636f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e65725265667265736850657273697374656e7453746174654173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e65725265667265736850657273697374656e7453746174654173796e63496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e65725265667265736850657273697374656e7453746174654173796e6352657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e657253746172745265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e657253746f705265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572436f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572436f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572446973636f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572446973636f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e7453746174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e745374617465496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e74537461746552657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e7453746174655265747279496e6e65724c6f6f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f61646361737465725265667265736850657273697374656e7453746174654173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f616463617374657253746172745265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f616463617374657253746f705265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253686172696e6755495c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f6c6c616250616e65557365725c22203a207b205c224576656e74735c22203a207b205c22536861726550616e65436f6d706c657465446973706c61795c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253686172654469616c6f675c22203a207b205c224576656e74735c22203a207b205c224e61766967617465546f5765624469616c6f675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e6441734174746163686d656e745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c224544505c22203a207b205c224576656e74735c22203a207b205c22506f6c6963794d657461646174615c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c225369746573536572766963654170695c22203a207b205c224576656e74735c22203a207b205c22526571756573744173796e635c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265616446726f6d43616368655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e44796e616d696343616e766173222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224f7574537061636543616e7661735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2250726f677265737355695c22203a207b205c224576656e74735c22203a207b205c22556e6578706f727461626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578706f727461626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2243616e7661735c22203a207b205c225375624e616d657370616365735c22203a207b205c225765624469616c6f675c22203a207b205c225375624e616d657370616365735c22203a207b205c2242726f777365724576656e7448616e646c65725c22203a207b205c224576656e74735c22203a207b205c224f6e4c6f616465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224e617669676174696f6e48616e646c65725c22203a207b205c224576656e74735c22203a207b205c224f6e4e61766967617465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.9 = 4469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416761766555784d696e6f72426c6f636b65645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241707044656c6574656446726f6d446f63756d656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224469616c6f67436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224469616c6f674f70656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f77496e666f626172436f6e73656e74566965775c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f774c6f6164696e6753746174655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f775265616374566965775c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22416464696e50726566657463685c22203a207b205c224576656e74735c22203a207b205c22507265666574636849636f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22507265666574636855726c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225072656c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253616e64626f78507265666574636855726c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241637469766174696f6e5c22203a207b205c224576656e74735c22203a207b205c224352656d6f74657250726f78795c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253696e676c655369676e4f6e5c22203a207b205c224576656e74735c22203a207b205c22446973706c617953534f436f6e73656e7450616765466f7241706943616c6c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224578656375746547657453534f546f6b656e496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d2c205c224576656e74735c22203a207b205c224f445041637469766174696f6e466f7254616761353572735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f4450417070436f6d6d616e64735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434f4d416464696e4f7065726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f4450417070436f6d6d616e647343616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450417070436f6d6d616e6473496e7374616c6c54696d655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450417070436f6d6d616e6473526962626f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224557534c69626c657443616c6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67436865636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67446f63756d656e744f70656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67446f63756d656e7453686f77547275737455495c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e675472757374526573756c745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224577734c6173745570646174655374617475734974656d436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224577734c6173745570646174655374617475734974656d53686f776e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e314163746976697479416767726567617465644261736553756272756c655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e314163746976697479416767726567617465644661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e3141637469766974794167677265676174656453756363657373436f756e74576974685461675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f44504170704d616e6167656d656e744d656e755c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450496e73657274696f6e4469616c6f675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445050617273654e65774d616e69666573744572726f725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f44505265636f6d6d656e64656447616c6c657279436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450526962626f6e427269646765526962626f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445053616e64626f7841637469766174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f45504d616e696665737450617273696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526962626f6e427574746f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746f7265557365725374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746f7265557365725374617475734572726f725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445041637469766174696f6e466f7254616761353572715c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f44504c6174656e63795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e466565646261636b222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c2253617665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e46696c65494f222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c224576656e74735c22203a207b205c225265717565737441646170746572556e657870656374656443616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416d49416c6f6e6550726f63657373526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e73616374656453747265616d446174615570646174655472616e73616374696f6e436f6d6d69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e73616374656453747265616d446174614d657267655472616e73616374696f6e436f6d6d69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224343616368656446696c655363686564756c6546696c6555706c6f6164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243656c6c53746f726167654f6e426c6f624865617052657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243656c6c53746f726167654f6e426c6f624865617052657175657374526573756c74434d555c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e49734f6e6c79436c69656e7452657175657374436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437369446176436c69656e7453656e64526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574446f63756d656e7446726f6d55726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224343616368656446696c654373694c6f616446696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224343616368656446696c654373695361766546696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f63756d656e74466163746f72794372656174654e6577446f63756d656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f63756d656e7452656e616d655375626d6974576f726b4974656d5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22464d617050617468735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574536861726555726c466f72436f6e7461696e65724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574536861726555726c466f7246696c654173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574576f706955726c46726f6d46696c654964656e7469666965724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2249446f63756d656e7447657456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2249446f63756d656e74526573746f72654173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224973446f776e6c6f616465644261736556616c69644e6f48617368436865636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253796e634261636b65645265636f6e63696c65725472795265636f6e63696c65546f4c6174657374416674657256657273696f6e4e6f74466f756e645c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253796e634261636b65645265636f6e63696c65725472616e736974696f6e4f6e6c696e655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2254727944657374726f794f666669636546696c6543616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22576f706942726f77736542726f777365546f436f6e7461696e65724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f70746963735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373446f776e6c6f61644572726f72446973747269627574696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373446f776e6c6f61644572726f72446973747269627574696f6e7337446179735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f70746963734572726f72735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637346696c6553746f726546696c6553697a65446973747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637355706c6f61644572726f72446973747269627574696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637355706c6f61644572726f72446973747269627574696f6e7337446179735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373576f726b696e67436f707946696c6553697a65446973747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f766546696c65456e7472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637350657246696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253746172744f666669636546696c6543616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c2243656e7472616c5461626c655c22203a207b205c224576656e74735c22203a207b205c22436865636b536368656d6156657273696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436c65617243616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22437265617465446174616261736546696c655573696e6754656d706c6174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2243726561746544617461536f757263654661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2244617461736f757263654f70656e4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246696c65436163686550726f70657274696573526f774e6f74466f756e645c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d69677261746546696c654e616d6546726f6d496e695c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526f77736574556e6b6e6f776e4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536368656d61557067726164655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224661756c744d616e6167656d656e745c22203a207b205c224576656e74735c22203a207b205c224661756c745265636f766572795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224661756c745265706f72745c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d2c205c2250726f746f636f6c5061727365725c22203a207b205c224576656e74735c22203a207b205c2250617273655572695c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b55726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496672496e697441726773576f72645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248724c61756e636855726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464c6f6164436d644c696e65436f72655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f746f636f6c48616e646c65725c22203a207b205c224576656e74735c22203a207b205c225472794f70656e696e674c6f7248797065724c696e6b496e4e6174697665436c69656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f746f636f6c48616e646c65724d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22556e7061636b4c696e6b5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b4c696e6b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b4c696e6b4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b4c696e6b5769746848696e745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225254435c22203a207b205c224576656e74735c22203a207b205c2246696e6453657373696f6e456e64706f696e7452756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e74536861726555726c5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b536861726555726c416e6448616e646c65526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e556e7061636b55726c436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486c696e6b5c22203a207b205c224576656e74735c22203a207b205c224d736f4872486c696e6b43726561746546726f6d537472696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d534f5c22203a207b205c224576656e74735c22203a207b205c22434d736f4f4c446f634e657744657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f63616c446f63756d656e74496e666f557073656c6c4576656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f63616c446f63756d656e74496e666f466c796f757444726f707065645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c65417574684661696c7572655f5573654578697374696e6743726564735f47656e657269634661696c7572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f4f4c446f6342617365476574504b4d436c69656e7445785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f536572766572496e666f476574536572766572496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794872476574447270436f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794d736f4872426567696e4d6f646966794472705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225469746c654261725361766555694d616e616765725772697465537461747573546f5469746c654261725c22203a207b205c224576656e74466c61675c22203a C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Printers\DevModes2 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018800C7E4EC303 = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000c0b1c22a8a44d24e8b35f7246ae3943900000000020000000000106600000001000020000000f6409377c39eab165533503a99fc3623178bdfaf4ba85778c24bd38d94f3a59b000000000e8000000002000020000000dd9afdda6bc4dc98f21ebda62759361ff3994161a6308c835354ab2d461e782680000000727bf765bedc5d3251d8645aefe1f6163fc38798cdd66439ef5d40b2a603c4cfec58ffe70363a160c0f0930df294b846612792f3de1c54af7c6d7076049a2d77467a617b6b90561a6773ce7416e20b98f95a8e297bc85bf3b9f83a087ff8983a04cd8bbc52102c19025d87bfed4301f3e8e1e3707de65724f5fe8f15af7621ad400000005546942585da59b29cfa35464e3396bdc003970cb518e95025e4b27e188d4535a9144402e5f563fbd8856fcc9a7f65f9261054edfe7c8f679fda105a1cc762c7 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|9" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t|0" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.13 = 742e4f66666963652e576f72642e4275666665724f6f6d5265616c6c79426967416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e456e61626c655061747465726e73496e41746e74786e64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e52616973655569614175746f436f72726563744576656e7457697468456e74697265576f7264222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d617022203a207b2022464347726f75704d61705f3122203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657231222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333230323b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657232222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838323936373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657233222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333231313b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657234222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373934313932373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657235222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383732353732343238343635343239363b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b6564477261706869637341646170746572436f756e74222c20225622203a2022696e7433325f747c3522207d205d2c2022464347726f75704d61705f3222203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e476c6f62616c5265736f75726365496e666f4361636865456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53686f756c644d69677261746546726f6d4f72617069222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d61705f3322203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e437a656368456e746572707269736547726f757032222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4f7074696f6e4f766572726964652e6373222c20225622203a20227374643a3a77737472696e677c4772616d6d617220616e6420726566696e656d656e74733a3a53657875616c206f7269656e746174696f6e20626961733d3022207d205d2c2022464347726f75704d61705f3422203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e42697a426172222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173426f6f742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173446f63756d656e7452656164792d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173466c6f6f64676174652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6963656e73696e674469616c6f6752656e65772d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c4f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c53617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f444253617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e6544726976654f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e65447269766553617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163654f70656e2d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163655361766541732d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d466c6f6f6447617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d496e41707050757263686173652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f75745370616365222c20225622203a2022626f6f6c7c3022207d205d207d207d C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.1 = 645461626c654d616e616765722e536561726368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e74732e45434c4d756c746953656c656374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e436f6d62696e654261636b656e6444696d656e73696f6e436f6d6d616e6473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e4c6963656e73654665617475726573456e61626c65644f72436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e576f726b666c6f7744697361626c65642e5265706c6163654f626a656374576f726b666c6f77222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4358452e48696464656e466f6e74734d736f466f6e745069636b657257696e3332222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e416c6c6f7753657456616c756573576974686f7574457863656c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4368616e6765476174652e46436c6561724d6f6e696b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e436f6c6c656374536861706550726f7073427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4d6170436861727459656c6c6f7744617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e5069766f744368617274496e7665727446696c6c427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e536c69646553686f7748696465546f6f6c74697073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d61785265747279436f756e74222c20225622203a2022696e7433325f747c313422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d6178526574727954696d654c696d6974222c20225622203a2022696e7433325f747c363030303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070565265747279496e74657276616c222c20225622203a2022696e7433325f747c3230303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655265666163746f72656453687574646f776e50726f636573736573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734164646f6e222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e557064617465427573696e657373222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e55706461746550726f506c7573222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e4164646974696f6e616c4461746154797065456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b466565646261636b457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b537572766579457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e436f686572656e6365457870657269656e6365456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e446961676e6f73746963735341532e55706c6f6164657254797065222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e456e61626c65466565646261636b5632536368656d61222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e466565646261636b446973616d626967756174696f6e53637265656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564466565646261636b5461736b50616e65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564537572766579456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e536173466565646261636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446961676e6f73746963732e44697361626c654661737446696c746572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c654361706163697479222c20225622203a2022696e7433325f747c313022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c65496e74657276616c4d736563222c20225622203a2022696e7433325f747c3130303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4261636b7374616765496e6170704e61765632456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e49735265706c7954696d657374616d704c6f6767696e67456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e4e657743617264426f7264657273222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e50616e65546162466f6375734669786573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e50726f636573734368616e676573496e766f6b65456c7365506f7374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d736f2e4f757453706163652e446570726563617465536574496d6167654173796e63222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f666669636553746172742e466978466f7241444f33393032343239222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f757453706163652e536861726564576974684d652e44697361626c65446f63756d656e74735265717565737449665573696e674167674d7275222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e436865636b41637469766974794c6f67546f456e61626c654d656e74696f6e73222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e456e61626c655369746573467269656e646c7950617468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f72794c6567616379436c65616e7570456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f7279556e696f6e466978456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486f6d65506167652e436f6c6c61707369626c65536c616273222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e496e4170704e61762e43726561746552656e616d6544656c657465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4d736f2e4f666669636553746172742e466978466f7241444f333838363036375632222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4f44656c74612e53747265616d4d6f6465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e576f7069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e4361636865457870697279496e4d696e222c20225622203a2022696e7433325f747c37323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e666967496444656c696d69746572496e4c6f67222c20225622203a20227374643a3a77737472696e677c3b22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e6669674c6f67546172676574222c20225622203a20227374643a3a77737472696e677c64656661756c7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e44697361626c65436f6e6669674c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e456e61626c65536d61727445546167222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e454353546573742e746573747661726961626c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e44796e616d69634172726179526573697a65416c6c6f77616e6365506572546872656164222c20225622203a2022696e7433325f747c31303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c65436f6d706c65785069766f745461626c65496e5069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c655069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e5069766f745461626c655265636f6d6d656e64657252616e6b65725632222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e4e616d656453686565745669657750657273697374656e6365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e436f6e66696746657463684d616e61676572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e44796e616d6963447069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e457870466972737453657373696f6e5461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e4665617475726551756572794c6f676765722e456e61626c655374617469634c6f6767696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e5472696d41707049644c697374546f4665746368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e416c7761797346616c6c6261636b466f7253796e634261636b6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e44657072656361746546696c65536572766572496e666f54797065222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e456e61626c654261636b67726f756e6455706c6f6164222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e5573654e65774d736f446f6354656c656d65747279496e697450617468222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436865636b5265766973696f6e53747265616d457175616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f6c6c616250726f7053746f726543616368655265736574436865636b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f7079546f43616c6c6261636b456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4373694c696d6974656446616c6c6261636b546f486c696e6b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44534c49422e456e61626c654c6162656c73556e757365644f72436c6561726564436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446570726563617465436865636b5374617274735769746846696c654e616d65457869737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973616d626967756174654373694e6574776f726b436f6e6e65637469766974794572726f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f52657472795374726174656779222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f5374726963744d6f6465456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446f63732e4d736f2e4f757473706163652e496e6974436163686546726f6d464948222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4472675570646174655265666572656e63657353796368726f6e6f7573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44796e616d6963467261676d656e7453697a65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e456e61626c65466f726365486f73744d6f6465466f7253796e634261636b6564486f73744f6e4f70656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4661696c43616c6c73546f5472616e73616374656453747265616d446174614265666f72654373694c6f616446696c65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|8" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|13" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor\ULSTagIds0 = "18679566,5804129,7202269,23978014,39965824,7692557,5850525,34198423,41484365,17962391,17962392" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.8 = 224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457863656c222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f617574685c22203a207b205c224576656e74735c22203a207b205c22457865637574654d65726765496e7374616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224b69636b4f6666517569636b536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22586c53796e6353746174654368616e67654c697374656e65724f6e53796e6353746174654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f63734765744f70496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f7365576f726b626f6f6b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224261636b67726f756e6451756575655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e526573706f6e736552656365697665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f70464275696c644765745265766973696f6e526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536b697070656443686743656c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243717532674872446f456e74657243656c6c466d6c61584c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22496e6672615c22203a207b205c224576656e74735c22203a207b205c224164644c6f63616c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f6d6d616e645c22203a207b205c224576656e74735c22203a207b205c2252656672657368416c6c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526566457874446174615c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c225361766541735361766546696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2243616c635c22203a207b205c224576656e74735c22203a207b205c224669784d616e75616c43616c634f6e4c6f61645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4578706572696d656e746174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224564676546657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164696e67466972737453657373696f6e43616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744665617475726573466f72534458556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224142436f6e66696754726561746d656e7454797065556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457874656e736962696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224f66666963654a735c22203a207b205c224576656e74735c22203a207b205c22417070436f6d6d616e64446566696e6974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070496e697469616c697a6174696f6e585c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225363726970744c6f6164585c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436174616c6f675c22203a207b205c224576656e74735c22203a207b205c2245786368616e67654765744c617374557064617465325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547279446973636f76657245777355726c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e67654765744c6173745570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254727948616e646c6541757468656e7469636174696f6e526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e6765476574456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e67654765744d616e6966657374735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e676552656672657368457874656e73696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241757468656e7469636174696f6e526963684170695c22203a207b205c224576656e74735c22203a207b205c22476574416363657373546f6b656e56324261636b67726f756e645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e56324d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22496e7374616c6c65725c22203a207b205c225375624e616d657370616365735c22203a207b205c225461736b456e67696e655c22203a207b205c224576656e74735c22203a207b205c224765744368616e676564536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744368616e676564536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5363686564756c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b526567697374726174696f6e4572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b537563636573735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b496e46696e616c697a655374617465457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b536574496e7374616c6c5374617475734572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676541707078457874726163746f725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b53657276696365526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b446573747275637465644265666f7265436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b436f6d706c6574656446657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b496e7374616c6c6564417070735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b4170704665746368446f6e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676553617665725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578705061636b616765526567697374726174696f6e496e666f5461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b616765536f6c7574696f6e49445570646174655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578747261637446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245787472616374466f6f747072696e7446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b52756e4e657874457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f73664d616e696665737456616c696461746f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c476574436f6e66696755726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b4c6f63616c65556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b5061636b616765556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253636176656e6765725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e4661696c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d61696e5c22203a207b205c224576656e74735c22203a207b205c225344584261636b67726f756e645461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c65725374617274436f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744e6f74434f4d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c5363686564756c655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c53687574646f776e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737454696d656f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737453657276696365556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c225061636b61676541707078457874726163746f725461736b5061636b616765496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253616e64626f785c22203a207b205c224576656e74735c22203a207b205c22506f73744f7366436f6e74726f6c4d6573736167655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445041637469766174696f6e48616e67696e675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253616e64626f784372656174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225365744f4d546f6b656e4f6e54726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657454726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445053686f775461736b70616e65436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654f7366436f6e74726f6c56325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656c6f6164416c6c4f7366436f6e74726f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727452656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727453616e64626f7865735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746172744f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22417070436f6d6d616e64735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5847656e657261746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070436d6450726f6a656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224361636865446573657269616c697a6546726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436163686553657269616c697a65546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22457773526566726573685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786563757465416374696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e4f454d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e7374616c6c4d616e696665737452656164795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d696e43616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224d69734d61746368696e67526962626f6e4964656e74697479496e666f5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225072657061726553686f775461736b70616e6556325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656d6f766546726f6d526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f775465616368696e6743616c6c6f75745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225461736b70616e65417070436d64496e7374616c6c6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2255585c22203a207b205c224576656e74735c22203a207b205c224c61756e63684f6d657853534f436f6e73656e74 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 2032207d2c205c224c6f6164437369446c6c466f72436c69636b3252756e456e7669726f6e6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2249735365727665724361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d616e75616c5361766555736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c6553746f72655c22203a207b205c224576656e74735c22203a207b205c22465344436f7272757074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2247617262616765436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225a65726f4279746546696c6555706c6f6164417474656d707465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2252756e74696d6550726f706572746965735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c69656e745c22203a207b205c224576656e74735c22203a207b205c224653686f756c6441637469766174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224865617274626561745c22203a207b205c224576656e74735c22203a207b205c22577269746543616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265616443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.6 = 3a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6e7461637443617264416374696f6e487562416374696f6e53686f77436f6e74616374436172645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279557365724a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279557365724f70656e53696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456d61696c416374696f6e487562416374696f6e53656e64456d61696c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6453657456616c75655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224d736f494d5365727669636573536642506861736531496d70726f76656d656e7473456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f757455736572496e697455495c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d5365727669636573497357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664257616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617455494d6f64656c4f6e55494576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f7574557365724f6e5061727469636970616e744c6973744368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6175746847616c6c65727955736572437265617465416374696f6e4875624c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436f6175746847616c6c65727955736572437265617465466c65784c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c61625c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f725c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f72446f63756d656e7448656c7065725c22203a207b205c224576656e74735c22203a207b205c22547269676765725265747269657665446f63756d656e74436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665456469746f72735461626c654d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665527463557365725c22203a207b205c224576656e74466c61675c22203a20353132207d207d207d207d207d207d207d2c205c2241744d656e74696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446f63756d656e744163746976697479496e746567726174696f6e5c22203a207b205c224576656e74735c22203a207b205c224164645265636f7665726564416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737341744d656e74696f6e4e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6d6d656e74734e6f74696669636174696f6e436f6c6c6563746f7252656d6f766564436f6d6d656e74735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f63657373436f6d6d656e74734e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22536176654c6f67466f725265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22437265617465446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c657465436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446973636172644c6f63616c416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574655265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2243726561746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c65746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224372656174654d6f6465726e41744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e4c6f6746726f6d5265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e5265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225064616c6d446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456e73757265446f63756d656e744163746976697479436170747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e737572654c6f67507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6574726f4f70656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f466f72417574686f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437265617465556e69717565417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f46726f6d417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224973436c6f7564446f63756d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365745361766564507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655265766973696f6e53657441637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6d6d656e74436f6e74656e744964656e7469666965725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f67436f6d6d656e744174747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536176654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657453617665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e4c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b4372656174696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561737369676e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706c6574655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c22536176654173526563656e74436c69636b65645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665417344656661756c745365727669636553656c656374696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e526563656e74446f63756d656e747356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e74446f63756d656e7473566965775769746846656174757265456e61626c6564436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c634d616e6167657250726f6365737353657456616c75657350726f635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c6349646c655461736b46457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506c6163657347726f757065724163636f756e74496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657474696e67537461727465644d5255536c61624765744d72754461746554696d6547726f7570547970655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e744c6f636174696f6e7356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e5265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e52656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224f666669636553706163655c22203a207b205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167654e617669676174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c617a794c6f616446696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224c6f616446726f6d46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665496e746f46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164546869735043526f6f745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22526561644c6f63616c466f6c6465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744974656d57656244617655726c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2247657452656d6f74654974656d496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526561644d696772617465644f4443466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22504358506572736f6e6150686f746f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f757453706163655c22203a207b205c224576656e74735c22203a207b205c22557064617465506c616365735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486964655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365744d72754c697374466f72486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c65616e75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564576974684d65506f70756c6174654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654d52554974656d735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e4469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e65774469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c224261636b73746167654469736d69737365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279436f6d7061726557697468556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f7665727944656c657465556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f766572794f70656e556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279506f70756c617465556e736176656456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e69744e65774e6176466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6577536572766963654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225368617265506f696e7453697465735c22203a207b205c224576656e74735c22203a207b205c2247726f75707353697465735265717565737449636f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e745369746573496e697469616c697a655369746573436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e74536974657350726f63657373526573756c74466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465734964656e74697479436163686552657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e6350726f63657373526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e635c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224372656174654c6f636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2244656661756c744964656e74697479456d7074795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253686172696e674c6567616379436c69656e745c22203a207b205c224576656e74735c22203a207b205c22476574446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486f6d65506167655c22203a207b205c224576656e74735c22203a207b205c22506c6163654368616e6765536c6162436f6e646974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e53686f77486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225365617263685c22203a207b205c224576656e74735c22203a207b205c225365656e4279557365725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f666669636553746172745c22203a207b205c224576656e74735c22203a207b205c22536574757054656d706c61746550726f706572746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243757272656e745549416374697665506c6163654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547269676765725468756d626e61696c416374696f6e52756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e744e6f74696669636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2252656769737465724f6e49646c65466561747572654761746544697361626c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d7275536572766963654170695c22203a207b205c225375624e616d657370616365735c22203a207b205c22446f63756d656e74735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225772697465526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e526571756573745375636365656465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22506c616365735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225772697465526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e526571756573745375636365656465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224d736f53686172696e675c22203a207b205c224576656e74735c22203a207b205c22434d736f53686172696e675365727669636548656c706572456e64476574486f7374436170616269 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|7" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|2" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode\6616_Status = "ended" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\EnableFullPage\.vst C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VisioViewer.Viewer\shell\open\command C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{28594D1A-A83A-3372-A275-C1700CFB7D42}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{5A6A6EF1-8165-3EFA-8982-536C7977A79D}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E170-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files (x86)|Common Files|Microsoft Shared|VSTA|Pipeline.v10.0|AddInViews|Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F37F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{59191DA1-EA47-11CE-A51F-00AA0061507F} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2E7AC8A7-CF9C-3C1D-ACC7-2605667BFCBF} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0621016A-022C-3A7E-B017-F4589F97BA4E}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\00006109E70000000100000000F01FEC C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475E}\InprocServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D6166973-3665-4EDB-94B0-77C65C34B51C} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F77C747-A942-45B2-A812-097A1F5CFE6F}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426}\VersionIndependentProgID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52}\ProgID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.xlt\ShellEx C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F249-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1E795768-6E5C-3CF7-AACB-4CDE284B7B04}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{79C569A5-0A9F-3922-BC4D-908835FFED05}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.vsto C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\command C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VisShe.CVisioFileFilter C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{452A1AEC-5665-36CB-8E14-9C39286E8216}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Visio.Template.11 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BF94B48-1E76-4AA3-AB1D-463F49B3E681}\ProxyStubClsid C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{200A1EF2-18FB-3BAB-92AE-E3A78B2E1108} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\ZoomLauncher\shell C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{FEC5AFEE-ECC9-3A0C-BC4D-20BD39AEC813}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{118B684E-5144-3271-8A58-1063D0743ECE}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91493448-5A91-11CF-8700-00AA0060263B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D08FA7EE-D986-3539-AA28-10DBAB03E863} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\bootstrap.vsto C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\ZoomPhoneCall\DefaultIcon C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Name.NameCtrl C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{673E8454-7646-11D1-B90B-00A0C9259304} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\ZoomRecording\shell C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F317-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{226CC8E6-1ED0-4770-A7F1-A80BB4DDF07B}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A2F1DAF6-7EEC-46C9-AB9F-877C909CB47D}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.vsto\shell\edit C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00020802-0000-0000-C000-000000000046} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.pdfxml.1\shell\Open\command C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D}\Programmable C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867}\ProgID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F6AA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A94116C6-61BA-3FD4-9DD5-296B3CF91876}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8C056F24-33C7-4885-B349-A23DC9155886} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EFBD9A69-66AF-4D44-BB36-D477E5014216}\InProcServer32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C64DAC55-A9B6-3E07-9973-B9F921E8D9BA} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{3DBDD630-DD73-11CE-8CD1-00AA0044BB60}\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{05E7A42A-303C-371A-B137-3635FDDD54AA} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3120BA9F-4FC8-4A4F-AE1E-02114F421D0A}\1.0\0\win32 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C8D258D0-9239-3C8D-A2F1-F483968220F6} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{903FC985-B0B1-34FE-ADD7-CB9968ED8DA7} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{928E425A-4170-3FAC-BACF-D7BD27641BAC} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{EC64ADD2-4DB2-36C1-8915-2E9C64F9F57B}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\EnableFullPage\.xfdf C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b43471900f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343119000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ping.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp N/A
N/A N/A C:\Users\Admin\Downloads\PDFixers.exe N/A
N/A N/A C:\Users\Admin\Downloads\PDFixers.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A
N/A N/A C:\Games\Malinovka\malinovka_core.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 4076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 2992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad67d46f8,0x7ffad67d4708,0x7ffad67d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13462510781244240827,7009351453187647316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffad5fd9758,0x7ffad5fd9768,0x7ffad5fd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4016 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5384 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x300 0x444

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3664 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6184 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6392 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 --field-trial-handle=1772,i,10243751987793933365,17109177610461511214,131072 /prefetch:8

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe"

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --install-driver:printer --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control

C:\Windows\SysWOW64\expand.exe

expand -F:* "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\v4.cab" "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /if /b "AnyDesk Printer" /f "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\AnyDeskPrintDriver.inf" /r "AD_Port" /m "AnyDesk v4 Printer Driver"

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\anydeskprintdriver.inf" "9" "49a18f3d7" "0000000000000150" "WinSta0\Default" "0000000000000138" "208" "c:\users\admin\appdata\roaming\anydesk\printer_driver"

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{50fe4217-9b82-2646-a2c5-22415e6627ee} Global\{08d67a5f-1402-5f47-a8af-b6fcd2c06646} C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\anydeskprintdriver.inf C:\Windows\System32\DriverStore\Temp\{75edc024-89a7-e749-9342-c5151525c793}\AnyDeskPrintDriver.cat

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --backend

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad5fd9758,0x7ffad5fd9768,0x7ffad5fd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5188 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5180 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5380 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3616 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5696 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3876 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Users\Admin\Downloads\MalinovkaInstaller.exe

"C:\Users\Admin\Downloads\MalinovkaInstaller.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im malinovka.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im malinovka_core.exe

C:\Games\Malinovka\malinovka.exe

"C:\Games\Malinovka\malinovka.exe"

C:\Games\Malinovka\malinovka_core.exe

"C:\Games\Malinovka\malinovka_core.exe" --by-starter

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad67d46f8,0x7ffad67d4708,0x7ffad67d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malinovka.org/register?from=app&sub=auth

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malinovka.org/profile?from=app&sub=play#create_character_3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad67d46f8,0x7ffad67d4708,0x7ffad67d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vk.com/@malinovka-police-upd-29-08-23

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad67d46f8,0x7ffad67d4708,0x7ffad67d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5332 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4676 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5632 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5268 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3324 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2388 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5540 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3616 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4664 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6288 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6160 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3740 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6580 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6740 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Users\Admin\Downloads\ZoomInstallerFull.exe

"C:\Users\Admin\Downloads\ZoomInstallerFull.exe"

C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe

.\Installer.exe

C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe

"C:\Users\Admin\AppData\Local\Temp\7zS8979670E\Installer.exe" /addfwexception --bin_home="C:\Users\Admin\AppData\Roaming\Zoom\bin"

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6032 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6580 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6224 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6728 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5636 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6244 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7096 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5364 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe

"C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe"

C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp

"C:\Users\Admin\AppData\Local\Temp\is-GNU8R.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp" /SL5="$90324,4910880,914432,C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1060 -ip 1060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 1632

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1060 -ip 1060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 1632

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe

"C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe"

C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9TRBT.tmp\world_of_tanks_install_eu_cywi9v4rn4uf.tmp" /SL5="$304C8,4910880,914432,C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6580 -ip 6580

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1636

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6580 -ip 6580

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1656

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6980 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5780 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7228 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6780 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5872 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6188 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=4856 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6048 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7512 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7480 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7512 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Users\Admin\Downloads\PDFixers.exe

"C:\Users\Admin\Downloads\PDFixers.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7108 --field-trial-handle=1892,i,10425738178667371643,6762425856902380030,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malinovka.org/plus?from=app&sub=header

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad67d46f8,0x7ffad67d4708,0x7ffad67d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10452713066576369974,7963200830371664413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffad67d46f8,0x7ffad67d4708,0x7ffad67d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta7314fdbh6766h45d7h8b21hfa7463520781

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,737776404916283495,10481286731319325599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,737776404916283495,10481286731319325599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,737776404916283495,10481286731319325599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

integrator.exe /U /Extension /Msi /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

\??\c:\Windows\syswow64\MsiExec.exe

c:\Windows\syswow64\MsiExec.exe -Embedding 11DCE2255D706C96ED5A6CAF6045059C E Global\MSI0000

\??\c:\Windows\System32\MsiExec.exe

c:\Windows\System32\MsiExec.exe -Embedding 2C6C3A085E4F2C74376039D4475D0409 E Global\MSI0000

C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe

"C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp

C:\Windows\Temp\ose00000.exe

"C:\Windows\Temp\ose00000.exe" -standalone

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue

\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

\??\c:\Windows\System32\MsiExec.exe

c:\Windows\System32\MsiExec.exe -Embedding 7E32EBF6BE3AD98A23494BDE2C8E9787 E Global\MSI0000

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /standalonesystem

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Subscription Maintenance"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Microsoft Office Touchless Attach Notification"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe" /qb /x {AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A5014484CBADE5E6384DB527B9E5F47E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7AD71581EE3F34D2DE831EF46A5D06CB E Global\MSI0000

C:\Windows\Installer\MSIA61.tmp

"C:\Windows\Installer\MSIA61.tmp" /b 3 120 0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" ClearToasts

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\7zA3DD5EC0\Uninst.exe

C:\Users\Admin\AppData\Local\Temp\7zA3DD5EC0\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe

"C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\Mozilla Firefox\uninstall\

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" uninstall 308046B0AF4A39CB

C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" /S

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe" /S _?=C:\Program Files (x86)\Mozilla Maintenance Service\

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall

C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe

"C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe" /uninstall

C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe

"C:\Users\Admin\AppData\Local\Zoom\uninstall\Installer.exe" /uninstall /normal.priviledge

C:\Users\Admin\AppData\Roaming\Zoom\bin\CptInstall.exe

-uninstall -unelevate

C:\Games\Malinovka\game\malinovka_game.exe

C:\Games\Malinovka\game\malinovka_game.exe -c -h t=RU,a=80.66.71.19,p=8192 -p 0 -n Vasiliy_Ponarezov -z 7be5e7927bfaa87f1ee10c42

C:\Games\Malinovka\game\malinovka_ac.exe

"C:\Games\Malinovka\game\malinovka_ac.exe" -m -p 7960 -s d1ad9a0203efa629421a0ca20e7da48a -r 6F4BC930 -b C:\Games\Malinovka\game\malinovka_ac.bin

C:\Windows\SysWOW64\nslookup.exe

nslookup -debug malinovka.org

C:\Windows\SysWOW64\ping.exe

ping ping-test-ams.malinovka.app

C:\Windows\SysWOW64\nslookup.exe

nslookup -debug -type=NS malinovka.org

C:\Windows\SysWOW64\nslookup.exe

nslookup -debug servers4.pro

C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe

"C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Games\Malinovka\game\malinovka\cef\locales" --log-severity=info --resources-dir-path="C:\Games\Malinovka\game\malinovka\cef" --lang=ru --user-data-dir="C:\Users\Admin\Documents\Malinovka\cef\data" --gpu-preferences=UAAAAAAAAADgACgYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\Documents\Malinovka\cef\malinovka_cef.log" --mojo-platform-channel-handle=3544 --field-trial-handle=3556,1871178917349409598,12597027277999740776,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2

C:\Windows\SysWOW64\nslookup.exe

nslookup -debug -type=NS servers4.pro

C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe

"C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe" --type=renderer --locales-dir-path="C:\Games\Malinovka\game\malinovka\cef\locales" --log-severity=info --resources-dir-path="C:\Games\Malinovka\game\malinovka\cef" --disable-plugins --user-data-dir="C:\Users\Admin\Documents\Malinovka\cef\data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\Documents\Malinovka\cef\malinovka_cef.log" --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3952 --field-trial-handle=3556,1871178917349409598,12597027277999740776,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe

"C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe" --type=renderer --locales-dir-path="C:\Games\Malinovka\game\malinovka\cef\locales" --log-severity=info --resources-dir-path="C:\Games\Malinovka\game\malinovka\cef" --disable-plugins --user-data-dir="C:\Users\Admin\Documents\Malinovka\cef\data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Admin\Documents\Malinovka\cef\malinovka_cef.log" --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3944 --field-trial-handle=3556,1871178917349409598,12597027277999740776,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe

"C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Games\Malinovka\game\malinovka\cef\locales" --log-severity=info --resources-dir-path="C:\Games\Malinovka\game\malinovka\cef" --lang=ru --user-data-dir="C:\Users\Admin\Documents\Malinovka\cef\data" --log-file="C:\Users\Admin\Documents\Malinovka\cef\malinovka_cef.log" --mojo-platform-channel-handle=3828 --field-trial-handle=3556,1871178917349409598,12597027277999740776,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe

"C:\Games\Malinovka\game\malinovka\cef\malinovka_cef.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --no-sandbox --locales-dir-path="C:\Games\Malinovka\game\malinovka\cef\locales" --log-severity=info --resources-dir-path="C:\Games\Malinovka\game\malinovka\cef" --lang=ru --user-data-dir="C:\Users\Admin\Documents\Malinovka\cef\data" --log-file="C:\Users\Admin\Documents\Malinovka\cef\malinovka_cef.log" --mojo-platform-channel-handle=2944 --field-trial-handle=3556,1871178917349409598,12597027277999740776,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 53.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.206:443 apis.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 anydesk.com udp
GB 13.224.81.86:443 anydesk.com tcp
GB 13.224.81.86:443 anydesk.com tcp
US 8.8.8.8:53 ad-wa.anydesk.com udp
DE 167.235.224.171:443 ad-wa.anydesk.com tcp
DE 167.235.224.171:443 ad-wa.anydesk.com tcp
US 8.8.8.8:53 www.anydesk.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 tracking.g2crowd.com udp
US 104.18.130.236:443 cdn.cookielaw.org tcp
US 172.64.144.225:443 tcp
US 8.8.8.8:53 86.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 8.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.224.235.167.in-addr.arpa udp
US 8.8.8.8:53 236.130.18.104.in-addr.arpa udp
US 172.64.144.225:443 tcp
US 104.18.130.236:443 cdn.cookielaw.org tcp
GB 13.224.81.86:443 www.anydesk.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 225.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 www.dwin1.com udp
US 8.8.8.8:53 js.hs-scripts.com udp
US 8.8.8.8:53 serve.albacross.com udp
US 8.8.8.8:53 scripts.iconnode.com udp
US 104.16.189.89:443 js.hs-scripts.com tcp
GB 18.172.89.51:443 www.dwin1.com tcp
GB 18.172.89.42:443 serve.albacross.com tcp
US 13.33.52.109:443 scripts.iconnode.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 js.hs-analytics.net udp
US 8.8.8.8:53 js.hs-banner.com udp
US 104.16.76.186:443 js.hs-analytics.net tcp
US 172.64.153.27:443 js.hs-banner.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 lantern.roeyecdn.com udp
US 8.8.8.8:53 track.hubspot.com udp
GB 18.172.89.119:443 lantern.roeyecdn.com tcp
US 104.19.155.83:443 track.hubspot.com tcp
US 8.8.8.8:53 lantern.roeye.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 89.189.16.104.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 51.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 42.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 109.52.33.13.in-addr.arpa udp
US 8.8.8.8:53 46.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 186.76.16.104.in-addr.arpa udp
US 8.8.8.8:53 27.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 119.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 83.155.19.104.in-addr.arpa udp
IE 99.80.214.160:443 lantern.roeye.com tcp
US 172.64.153.27:443 js.hs-banner.com tcp
US 8.8.8.8:53 new-collect.albacross.com udp
IE 34.253.175.101:443 new-collect.albacross.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 12375076.fls.doubleclick.net udp
GB 172.217.169.6:443 12375076.fls.doubleclick.net tcp
GB 172.217.169.6:443 12375076.fls.doubleclick.net tcp
US 8.8.8.8:53 160.214.80.99.in-addr.arpa udp
US 8.8.8.8:53 101.175.253.34.in-addr.arpa udp
GB 172.217.169.6:443 12375076.fls.doubleclick.net tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
GB 172.217.169.6:443 12375076.fls.doubleclick.net udp
US 8.8.8.8:53 download.anydesk.com udp
DE 188.40.104.135:443 download.anydesk.com tcp
DE 188.40.104.135:443 download.anydesk.com tcp
GB 163.70.147.23:443 connect.facebook.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 6.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 135.104.40.188.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 boot.net.anydesk.com udp
DE 49.12.130.237:443 boot.net.anydesk.com tcp
US 8.8.8.8:53 237.130.12.49.in-addr.arpa udp
US 8.8.8.8:53 relay-0135ac48.net.anydesk.com udp
GB 57.128.141.165:443 relay-0135ac48.net.anydesk.com tcp
US 8.8.8.8:53 165.141.128.57.in-addr.arpa udp
US 8.8.8.8:53 api.playanext.com udp
GB 18.165.160.107:80 api.playanext.com tcp
US 8.8.8.8:53 107.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
GB 57.128.141.165:443 relay-0135ac48.net.anydesk.com tcp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
US 8.8.8.8:53 18.102.255.239.in-addr.arpa udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:8927 udp
N/A 239.255.102.18:1957 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:44199 udp
N/A 239.255.102.18:2658 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:33553 udp
N/A 239.255.102.18:14830 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:44278 udp
N/A 239.255.102.18:31594 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:14637 udp
N/A 239.255.102.18:20283 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:17848 udp
N/A 239.255.102.18:29886 udp
GB 18.165.160.107:80 api.playanext.com tcp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:1273 udp
N/A 239.255.102.18:50536 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:10852 udp
N/A 239.255.102.18:20867 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:11639 udp
N/A 239.255.102.18:22959 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:12287 udp
N/A 239.255.102.18:3955 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:37228 udp
N/A 239.255.102.18:59827 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:32618 udp
N/A 239.255.102.18:41990 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:29939 udp
N/A 239.255.102.18:9256 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:35688 udp
N/A 239.255.102.18:17453 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:36377 udp
N/A 239.255.102.18:43771 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:22577 udp
N/A 239.255.102.18:33152 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:53503 udp
N/A 239.255.102.18:29037 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:27791 udp
N/A 239.255.102.18:53231 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:17104 udp
N/A 239.255.102.18:46698 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:37140 udp
N/A 239.255.102.18:42140 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:41559 udp
N/A 239.255.102.18:18215 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:49780 udp
N/A 239.255.102.18:6729 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:56792 udp
N/A 239.255.102.18:18373 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:3278 udp
N/A 239.255.102.18:16545 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:57775 udp
N/A 239.255.102.18:28384 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:18395 udp
N/A 239.255.102.18:10043 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:21205 udp
N/A 239.255.102.18:61508 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:51970 udp
N/A 239.255.102.18:30397 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:34907 udp
N/A 239.255.102.18:18613 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:41918 udp
N/A 239.255.102.18:12940 udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
N/A 192.168.3.80:7070 tcp
RU 46.73.7.163:53482 tcp
RU 46.73.7.163:7070 tcp
US 8.8.8.8:53 163.7.73.46.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.200.14:443 clients2.google.com udp
US 8.8.8.8:53 malinovka.org udp
GB 87.251.65.10:443 malinovka.org tcp
GB 87.251.65.10:443 malinovka.org tcp
US 8.8.8.8:53 10.65.251.87.in-addr.arpa udp
US 8.8.8.8:53 ws.malinovka.org udp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 216.239.32.36:443 udp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 static.malinovka.app udp
RU 193.17.93.93:443 static.malinovka.app tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 api-host.malinovka.org udp
US 8.8.8.8:53 api.malinovka.org udp
GB 87.251.65.10:443 api.malinovka.org tcp
US 8.8.8.8:53 ws.malinovka.org udp
US 8.8.8.8:53 appcdn1.malinovka.app udp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 188.114.97.2:443 appcdn1.malinovka.app tcp
US 188.114.97.2:443 appcdn1.malinovka.app tcp
US 8.8.8.8:53 static.malinovka.app udp
RU 193.17.93.93:443 static.malinovka.app tcp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
RU 193.17.93.93:443 static.malinovka.app tcp
RU 193.17.93.93:443 static.malinovka.app tcp
RU 193.17.93.93:443 static.malinovka.app tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 vk.com udp
GB 142.250.178.4:443 www.google.com tcp
RU 87.240.132.72:443 vk.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 72.132.240.87.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 216.239.32.36:443 udp
US 8.8.8.8:53 static.malinovka.app udp
GB 87.251.65.10:443 ws.malinovka.org tcp
RU 193.17.93.93:443 static.malinovka.app tcp
RU 193.17.93.93:443 static.malinovka.app tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.168.217.172.in-addr.arpa udp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 static.malinovka.app udp
RU 193.17.93.93:443 static.malinovka.app tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
RU 193.17.93.93:443 static.malinovka.app tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 udp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 216.239.32.36:443 udp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
DE 172.217.18.99:443 beacons2.gvt2.com tcp
DE 172.217.18.99:443 beacons2.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 99.18.217.172.in-addr.arpa udp
GB 87.251.65.10:443 ws.malinovka.org tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 216.239.32.36:443 udp
GB 87.251.65.10:443 ws.malinovka.org tcp
RU 87.240.132.72:443 vk.com tcp
US 8.8.8.8:53 st6-23.vk.com udp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
NL 95.142.206.3:443 st6-23.vk.com tcp
US 8.8.8.8:53 3.206.142.95.in-addr.arpa udp
US 8.8.8.8:53 sun9-20.userapi.com udp
RU 93.186.227.131:443 sun9-20.userapi.com tcp
RU 93.186.227.131:443 sun9-20.userapi.com tcp
US 8.8.8.8:53 sun9-78.userapi.com udp
RU 87.240.169.1:443 sun9-78.userapi.com tcp
US 8.8.8.8:53 131.227.186.93.in-addr.arpa udp
NL 95.142.206.3:443 st6-23.vk.com tcp
US 8.8.8.8:53 sun9-52.userapi.com udp
US 8.8.8.8:53 sun9-67.userapi.com udp
US 8.8.8.8:53 sun9-41.userapi.com udp
US 8.8.8.8:53 sun9-12.userapi.com udp
US 8.8.8.8:53 sun9-17.userapi.com udp
US 8.8.8.8:53 sun9-33.userapi.com udp
US 8.8.8.8:53 sun6-20.userapi.com udp
US 8.8.8.8:53 sun9-31.userapi.com udp
US 8.8.8.8:53 login.vk.com udp
US 8.8.8.8:53 sun9-38.userapi.com udp
US 8.8.8.8:53 sun9-75.userapi.com udp
RU 87.240.185.155:443 sun9-52.userapi.com tcp
RU 93.186.227.148:443 sun9-41.userapi.com tcp
RU 87.240.185.166:443 sun9-67.userapi.com tcp
RU 87.240.129.181:443 login.vk.com tcp
RU 93.186.227.142:443 sun9-31.userapi.com tcp
RU 93.186.227.144:443 sun9-33.userapi.com tcp
RU 93.186.227.128:443 sun9-17.userapi.com tcp
RU 87.240.185.139:443 sun9-12.userapi.com tcp
RU 87.240.185.145:443 sun9-38.userapi.com tcp
RU 87.240.185.145:443 sun9-38.userapi.com tcp
NL 95.142.206.0:443 sun6-20.userapi.com tcp
RU 93.186.227.158:443 sun9-75.userapi.com tcp
US 8.8.8.8:53 sun9-79.userapi.com udp
RU 87.240.169.2:443 sun9-79.userapi.com tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 tns-counter.ru udp
US 8.8.8.8:53 sun9-29.userapi.com udp
US 8.8.8.8:53 sun9-40.userapi.com udp
US 8.8.8.8:53 sun9-62.userapi.com udp
US 8.8.8.8:53 sun9-7.userapi.com udp
US 8.8.8.8:53 sun9-73.userapi.com udp
US 8.8.8.8:53 sun9-69.userapi.com udp
US 8.8.8.8:53 sun9-26.userapi.com udp
US 8.8.8.8:53 sun9-68.userapi.com udp
US 8.8.8.8:53 sun9-13.userapi.com udp
US 8.8.8.8:53 mincifry-cert.vk.com udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 93.186.227.156:443 sun9-73.userapi.com tcp
RU 93.186.227.137:443 sun9-26.userapi.com tcp
RU 87.240.185.168:443 sun9-69.userapi.com tcp
RU 87.240.185.140:443 sun9-13.userapi.com tcp
RU 87.240.185.134:443 sun9-7.userapi.com tcp
RU 87.240.185.167:443 sun9-68.userapi.com tcp
RU 87.240.185.161:443 sun9-62.userapi.com tcp
RU 87.240.185.147:443 sun9-40.userapi.com tcp
RU 194.226.130.226:443 tns-counter.ru tcp
RU 93.186.227.140:443 sun9-29.userapi.com tcp
US 8.8.8.8:53 sun9-65.userapi.com udp
US 8.8.8.8:53 sun9-36.userapi.com udp
US 8.8.8.8:53 sun9-21.userapi.com udp
US 8.8.8.8:53 0.206.142.95.in-addr.arpa udp
US 8.8.8.8:53 sun9-48.userapi.com udp
US 8.8.8.8:53 155.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 sun9-39.userapi.com udp
US 8.8.8.8:53 1.169.240.87.in-addr.arpa udp
US 8.8.8.8:53 sun9-14.userapi.com udp
US 8.8.8.8:53 sun9-45.userapi.com udp
US 8.8.8.8:53 sun9-58.userapi.com udp
US 8.8.8.8:53 148.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 sun9-46.userapi.com udp
US 8.8.8.8:53 166.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 sun9-25.userapi.com udp
US 8.8.8.8:53 181.129.240.87.in-addr.arpa udp
US 8.8.8.8:53 142.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 139.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 145.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 144.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 128.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 158.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 2.169.240.87.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
RU 93.186.227.147:443 sun9-36.userapi.com tcp
RU 93.186.227.132:443 sun9-21.userapi.com tcp
RU 87.240.185.151:443 sun9-48.userapi.com tcp
RU 87.240.185.164:443 sun9-65.userapi.com tcp
RU 93.186.227.153:443 sun9-58.userapi.com tcp
RU 87.240.185.149:443 sun9-46.userapi.com tcp
RU 87.240.185.148:443 sun9-45.userapi.com tcp
RU 87.240.185.146:443 sun9-39.userapi.com tcp
RU 87.240.185.141:443 sun9-14.userapi.com tcp
RU 93.186.227.136:443 sun9-25.userapi.com tcp
US 8.8.8.8:53 sun9-27.userapi.com udp
US 8.8.8.8:53 sun9-60.userapi.com udp
US 8.8.8.8:53 sun9-3.userapi.com udp
RU 93.186.227.138:443 sun9-27.userapi.com tcp
RU 93.186.227.155:443 sun9-60.userapi.com tcp
RU 87.240.185.130:443 sun9-3.userapi.com tcp
US 8.8.8.8:53 sun9-77.userapi.com udp
US 8.8.8.8:53 sun9-59.userapi.com udp
RU 93.186.227.155:443 sun9-60.userapi.com tcp
US 8.8.8.8:53 sun9-50.userapi.com udp
US 8.8.8.8:53 sun9-80.userapi.com udp
US 8.8.8.8:53 sun9-15.userapi.com udp
US 8.8.8.8:53 sun9-66.userapi.com udp
RU 93.186.227.154:443 sun9-59.userapi.com tcp
RU 87.240.169.0:443 sun9-77.userapi.com tcp
RU 87.240.185.153:443 sun9-50.userapi.com tcp
RU 87.240.185.165:443 sun9-66.userapi.com tcp
RU 87.240.169.3:443 sun9-80.userapi.com tcp
RU 87.240.185.142:443 sun9-15.userapi.com tcp
RU 87.240.169.3:443 sun9-80.userapi.com tcp
US 8.8.8.8:53 sun9-8.userapi.com udp
US 8.8.8.8:53 sun9-64.userapi.com udp
US 8.8.8.8:53 sun9-53.userapi.com udp
RU 87.240.185.156:443 sun9-53.userapi.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
RU 87.240.185.135:443 sun9-8.userapi.com tcp
RU 87.240.185.163:443 sun9-64.userapi.com tcp
US 8.8.8.8:53 sun9-44.userapi.com udp
CH 216.58.215.227:443 beacons.gvt2.com tcp
US 8.8.8.8:53 sun9-18.userapi.com udp
US 8.8.8.8:53 sun9-30.userapi.com udp
US 8.8.8.8:53 sun9-10.userapi.com udp
RU 87.240.185.156:443 sun9-53.userapi.com tcp
RU 93.186.227.151:443 sun9-44.userapi.com tcp
US 8.8.8.8:53 sun9-55.userapi.com udp
RU 93.186.227.129:443 sun9-18.userapi.com tcp
RU 93.186.227.129:443 sun9-18.userapi.com tcp
RU 93.186.227.141:443 sun9-30.userapi.com tcp
RU 87.240.185.137:443 sun9-10.userapi.com tcp
RU 87.240.185.158:443 sun9-55.userapi.com tcp
US 8.8.8.8:53 156.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 140.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 168.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 137.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 147.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 134.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 167.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 161.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 140.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 226.130.226.194.in-addr.arpa udp
US 8.8.8.8:53 147.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 132.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 164.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 153.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 148.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 149.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 146.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 141.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 136.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 138.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 151.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 155.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 130.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 154.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 153.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 0.169.240.87.in-addr.arpa udp
US 8.8.8.8:53 165.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 3.169.240.87.in-addr.arpa udp
US 8.8.8.8:53 142.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 156.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 163.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 135.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 227.215.58.216.in-addr.arpa udp
CH 216.58.215.227:443 beacons.gvt2.com udp
US 8.8.8.8:53 i.mycdn.me udp
US 8.8.8.8:53 www.tns-counter.ru udp
US 8.8.8.8:53 vk-callback.go.mail.ru udp
RU 194.226.130.226:443 www.tns-counter.ru tcp
RU 5.61.236.200:443 vk-callback.go.mail.ru tcp
RU 5.61.236.200:443 vk-callback.go.mail.ru tcp
US 8.8.8.8:53 stats.vk-portal.net udp
RU 217.20.156.158:443 i.mycdn.me tcp
RU 217.20.156.158:443 i.mycdn.me tcp
RU 87.240.129.132:443 stats.vk-portal.net tcp
US 8.8.8.8:53 151.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 129.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 141.227.186.93.in-addr.arpa udp
US 8.8.8.8:53 137.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 158.185.240.87.in-addr.arpa udp
US 8.8.8.8:53 200.236.61.5.in-addr.arpa udp
US 8.8.8.8:53 158.156.20.217.in-addr.arpa udp
US 8.8.8.8:53 132.129.240.87.in-addr.arpa udp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 zoom.us udp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 2.52.114.170.in-addr.arpa udp
US 170.114.52.2:443 zoom.us udp
US 8.8.8.8:53 st1.zoom.us udp
US 8.8.8.8:53 explore.zoom.us udp
US 8.8.8.8:53 st3.zoom.us udp
US 8.8.8.8:53 st2.zoom.us udp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.38:443 st2.zoom.us tcp
US 52.84.151.38:443 st2.zoom.us tcp
US 52.84.151.38:443 st2.zoom.us tcp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.43:443 st2.zoom.us tcp
US 52.84.151.38:443 st2.zoom.us udp
US 8.8.8.8:53 43.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 38.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 file-paa.zoom.us udp
US 8.8.8.8:53 cdn.solvvy.com udp
US 8.8.8.8:53 cdn3.optimizely.com udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 34.98.108.207:443 cdn.solvvy.com tcp
US 52.84.151.46:443 file-paa.zoom.us tcp
US 52.84.151.46:443 file-paa.zoom.us tcp
US 52.84.151.46:443 file-paa.zoom.us tcp
US 52.84.151.46:443 file-paa.zoom.us tcp
US 52.84.151.46:443 file-paa.zoom.us tcp
US 52.84.151.46:443 file-paa.zoom.us tcp
GB 23.211.98.147:443 cdn3.optimizely.com tcp
US 52.84.151.38:443 st2.zoom.us udp
US 8.8.8.8:53 a20673560014.cdn.optimizely.com udp
GB 104.84.92.152:443 a20673560014.cdn.optimizely.com tcp
US 8.8.8.8:53 236.131.18.104.in-addr.arpa udp
US 8.8.8.8:53 207.108.98.34.in-addr.arpa udp
US 8.8.8.8:53 147.98.211.23.in-addr.arpa udp
US 8.8.8.8:53 46.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 152.92.84.104.in-addr.arpa udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 config.datas3ntinel.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 151.101.2.132:443 config.datas3ntinel.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 132.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
GB 3.162.19.171:443 cdn.amplitude.com tcp
US 8.8.8.8:53 collect.datas3ntinel.com udp
US 151.101.2.132:443 collect.datas3ntinel.com tcp
US 8.8.8.8:53 zoom-privacy.my.onetrust.com udp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
US 8.8.8.8:53 171.19.162.3.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.184.173.212:443 api2.amplitude.com tcp
US 8.8.8.8:53 js.zi-scripts.com udp
US 8.8.8.8:53 s.adroll.com udp
US 8.8.8.8:53 tag.demandbase.com udp
US 8.8.8.8:53 tracking.g2crowd.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 s.yimg.jp udp
US 8.8.8.8:53 scout-cdn.salesloft.com udp
US 8.8.8.8:53 t.contentsquare.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 9513928.fls.doubleclick.net udp
US 172.64.150.44:443 js.zi-scripts.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 13.224.81.45:443 tag.demandbase.com tcp
US 204.79.197.200:443 bat.bing.com tcp
US 13.33.52.41:443 t.contentsquare.net tcp
GB 96.17.178.196:443 snap.licdn.com tcp
JP 182.22.31.252:443 s.yimg.jp tcp
US 104.17.67.65:443 scout-cdn.salesloft.com tcp
US 172.64.144.225:443 tracking.g2crowd.com tcp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
GB 54.230.10.92:443 s.adroll.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.6:443 9513928.fls.doubleclick.net tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 212.173.184.54.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 44.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
JP 182.22.31.252:443 s.yimg.jp tcp
US 172.64.150.44:443 js.zi-scripts.com tcp
US 8.8.8.8:53 utt.impactcdn.com udp
US 8.8.8.8:53 collector-29673.us.tvsquared.com udp
US 8.8.8.8:53 s.usea01.idio.episerver.net udp
US 52.15.117.189:443 collector-29673.us.tvsquared.com tcp
US 35.186.249.72:443 utt.impactcdn.com tcp
US 172.64.150.90:443 s.usea01.idio.episerver.net tcp
US 8.8.8.8:53 cdn.metadata.io udp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 trkn.us udp
US 8.8.8.8:53 api.company-target.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
GB 18.165.160.16:443 cdn.metadata.io tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 scout.salesloft.com udp
GB 172.217.169.6:443 9513928.fls.doubleclick.net udp
GB 2.16.128.112:443 trkn.us tcp
GB 2.16.128.112:443 trkn.us tcp
GB 2.16.128.112:443 trkn.us tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
GB 18.172.89.30:443 api.company-target.com tcp
US 34.96.71.22:443 s.company-target.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 54.163.171.165:443 scout.salesloft.com tcp
GB 54.230.10.92:443 s.adroll.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 d.adroll.com udp
US 8.8.8.8:53 repository.secomtrust.net udp
IE 52.215.93.67:443 d.adroll.com tcp
US 8.8.8.8:53 zoom.sjv.io udp
US 8.8.8.8:53 csxd.contentsquare.net udp
US 8.8.8.8:53 a.usea01.idio.episerver.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 partners.tremorhub.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 35.227.211.136:443 zoom.sjv.io tcp
JP 61.114.177.151:80 repository.secomtrust.net tcp
GB 18.172.89.84:443 csxd.contentsquare.net tcp
US 8.8.8.8:53 api-gw.metadata.io udp
US 8.8.8.8:53 a.usbrowserspeed.com udp
US 8.8.8.8:53 ws-assets.zoominfo.com udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 3.227.114.114:443 partners.tremorhub.com tcp
US 8.8.8.8:53 tag-logger.demandbase.com udp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 ws.zoominfo.com udp
JP 61.114.177.151:80 repository.secomtrust.net tcp
US 44.227.221.167:443 api-gw.metadata.io tcp
US 52.42.17.251:443 a.usbrowserspeed.com tcp
US 104.16.137.15:443 ws.zoominfo.com tcp
US 104.16.136.15:443 ws.zoominfo.com tcp
GB 18.165.160.10:443 tag-logger.demandbase.com tcp
US 3.227.114.114:443 partners.tremorhub.com tcp
US 44.227.221.167:443 api-gw.metadata.io tcp
US 8.8.8.8:53 c.contentsquare.net udp
US 8.8.8.8:53 65.67.17.104.in-addr.arpa udp
US 8.8.8.8:53 45.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 41.52.33.13.in-addr.arpa udp
US 8.8.8.8:53 92.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 252.31.22.182.in-addr.arpa udp
US 8.8.8.8:53 72.249.186.35.in-addr.arpa udp
US 8.8.8.8:53 90.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 189.117.15.52.in-addr.arpa udp
US 8.8.8.8:53 16.160.165.18.in-addr.arpa udp
US 52.42.17.251:443 a.usbrowserspeed.com tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 30.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 165.171.163.54.in-addr.arpa udp
US 8.8.8.8:53 67.93.215.52.in-addr.arpa udp
US 8.8.8.8:53 136.211.227.35.in-addr.arpa udp
US 8.8.8.8:53 84.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
IE 52.19.227.74:443 c.contentsquare.net tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
US 104.16.136.15:443 ws.zoominfo.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 ipv4.d.adroll.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net udp
US 104.16.136.15:443 ws.zoominfo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cdn.zoom.us udp
US 8.8.8.8:53 q-aus1.contentsquare.net udp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 sync.taboola.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 44.194.166.170:443 q-aus1.contentsquare.net tcp
US 52.84.151.42:443 cdn.zoom.us tcp
GB 142.250.200.46:443 www.youtube.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 35.244.159.8:443 us-u.openx.net tcp
US 50.31.142.95:443 sync.outbrain.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
DE 37.252.171.149:443 ib.adnxs.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
NL 141.226.228.48:443 sync.taboola.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 srm.bf.contentsquare.net udp
US 3.208.151.21:443 srm.bf.contentsquare.net tcp
US 8.8.8.8:53 k-aus1.contentsquare.net udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 3.208.151.21:443 srm.bf.contentsquare.net tcp
US 8.8.8.8:53 udp
US 54.86.48.198:443 k-aus1.contentsquare.net tcp
US 8.8.8.8:53 21.151.208.3.in-addr.arpa udp
US 8.8.8.8:53 198.48.86.54.in-addr.arpa udp
US 170.114.65.137:443 tcp
US 170.114.65.137:443 tcp
US 54.86.48.198:443 k-aus1.contentsquare.net tcp
US 8.8.8.8:53 udp
US 54.86.48.198:443 k-aus1.contentsquare.net tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 52.84.151.63:443 st2.zoom.us tcp
US 8.8.8.8:53 d.adroll.com udp
IE 52.51.87.77:443 d.adroll.com tcp
US 8.8.8.8:53 google.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
GB 216.58.204.78:443 google.com tcp
US 8.8.8.8:53 77.87.51.52.in-addr.arpa udp
US 8.8.8.8:53 e2c4.gcp.gvt2.com udp
JP 34.97.161.128:443 e2c4.gcp.gvt2.com tcp
JP 34.97.161.128:443 e2c4.gcp.gvt2.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 128.161.97.34.in-addr.arpa udp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 8.8.8.8:53 c.contentsquare.net udp
US 8.8.8.8:53 k-aus1.contentsquare.net udp
IE 52.30.246.4:443 c.contentsquare.net tcp
US 23.21.244.73:443 k-aus1.contentsquare.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.200.3:443 beacons5.gvt3.com tcp
US 8.8.8.8:53 5.52.114.170.in-addr.arpa udp
US 8.8.8.8:53 4.246.30.52.in-addr.arpa udp
US 8.8.8.8:53 73.244.21.23.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.zoom.us udp
US 52.84.151.41:443 cdn.zoom.us tcp
US 52.84.151.63:443 st2.zoom.us tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.201.97:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
GB 142.250.187.206:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 udp
N/A 206.247.16.213:3478 udp
N/A 144.195.33.213:3478 udp
N/A 144.195.33.213:3479 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 144.195.33.213:3478 udp
N/A 144.195.32.213:3478 udp
N/A 144.195.32.213:3479 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 52.84.151.63:443 st2.zoom.us tcp
US 52.84.151.63:443 st2.zoom.us tcp
US 52.84.151.63:443 st2.zoom.us tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.206:443 apis.google.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 join.worldoftanks.eu udp
LU 92.223.51.163:443 join.worldoftanks.eu tcp
US 8.8.8.8:53 adn.wargaming.net udp
LU 92.223.23.230:443 adn.wargaming.net tcp
US 8.8.8.8:53 promo.worldoftanks.eu udp
GB 93.123.11.62:443 promo.worldoftanks.eu tcp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.51.223.92.in-addr.arpa udp
US 8.8.8.8:53 promo.worldoftanks.com udp
US 8.8.8.8:53 tenor.wargaming.net udp
LU 92.223.21.23:443 tenor.wargaming.net tcp
GB 93.123.11.62:443 promo.worldoftanks.com tcp
GB 93.123.11.62:443 promo.worldoftanks.com tcp
US 8.8.8.8:53 www.clarity.ms udp
LU 92.223.21.23:443 tenor.wargaming.net tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 8.8.8.8:53 230.23.223.92.in-addr.arpa udp
US 8.8.8.8:53 62.11.123.93.in-addr.arpa udp
US 8.8.8.8:53 23.21.223.92.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 34.31.224.52.in-addr.arpa udp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 wargaming-privacy.my.onetrust.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.206.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 156.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
DE 172.217.18.99:443 beacons2.gvt2.com udp
GB 172.217.169.6:443 9513928.fls.doubleclick.net udp
LU 150.107.125.225:443 tcp
US 8.8.8.8:53 205.189.188.5.in-addr.arpa udp
US 8.8.8.8:53 cdn-cm.wgcdn.co udp
GB 93.123.11.62:443 cdn-cm.wgcdn.co tcp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
US 8.8.8.8:53 240.22.223.92.in-addr.arpa udp
LU 92.223.21.23:443 tenor.wargaming.net tcp
LU 92.223.21.23:443 tenor.wargaming.net tcp
US 8.8.8.8:53 amplify.outbrain.com udp
GB 96.16.109.182:443 amplify.outbrain.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 182.109.16.96.in-addr.arpa udp
LU 92.223.22.240:443 tcp
US 8.8.8.8:53 tr.outbrain.com udp
US 64.74.236.255:443 tr.outbrain.com tcp
US 64.74.236.255:443 tr.outbrain.com tcp
US 64.74.236.255:443 tr.outbrain.com tcp
US 8.8.8.8:53 wave.outbrain.com udp
GB 96.16.109.182:443 wave.outbrain.com tcp
US 8.8.8.8:53 255.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 collect.wargaming.net udp
US 216.239.34.21:443 collect.wargaming.net tcp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
LU 5.188.189.205:443 tcp
LU 5.188.189.205:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
US 8.8.8.8:53 e2c76.gcp.gvt2.com udp
SA 34.1.52.129:443 e2c76.gcp.gvt2.com tcp
SA 34.1.52.129:443 e2c76.gcp.gvt2.com tcp
US 8.8.8.8:53 129.52.1.34.in-addr.arpa udp
CH 216.58.215.227:443 beacons.gvt2.com udp
BE 74.125.206.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 wgusst-wgceu.wargaming.net udp
US 8.8.8.8:53 10.20.223.92.in-addr.arpa udp
LU 92.223.20.10:80 tcp
LU 92.223.51.143:443 tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c15.gcp.gvt2.com udp
GB 34.105.225.79:443 e2c15.gcp.gvt2.com tcp
US 8.8.8.8:53 udp
GB 93.123.11.62:443 cdn-cm.wgcdn.co tcp
LU 150.107.125.225:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
LU 92.223.51.163:443 join.worldoftanks.eu tcp
LU 92.223.51.163:443 join.worldoftanks.eu tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
LU 92.223.51.163:443 join.worldoftanks.eu tcp
LU 92.223.20.38:443 tcp
N/A 92.223.22.119:443 tcp
LU 92.223.22.86:443 tcp
LU 92.223.22.86:443 tcp
LU 150.107.125.119:443 tcp
LU 92.223.23.103:443 tcp
LU 92.223.22.132:443 tcp
LU 92.223.22.85:443 tcp
LU 5.188.189.202:443 tcp
N/A 92.223.51.88:443 tcp
LU 92.223.51.163:443 join.worldoftanks.eu tcp
LU 92.223.22.118:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
N/A 92.223.22.119:443 tcp
N/A 92.223.51.88:443 tcp
GB 142.250.178.10:443 udp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
LU 92.223.22.240:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 142.250.180.2:443 udp
GB 163.70.147.23:443 udp
IE 52.95.126.138:443 tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 8.8.8.8:53 udp
LU 92.223.22.240:443 tcp
GB 163.70.147.35:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 92.223.56.43:443 tcp
US 92.223.56.43:443 tcp
US 8.8.8.8:53 udp
GB 93.123.11.62:443 cdn-cm.wgcdn.co tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 142.250.200.3:443 beacons.gvt2.com udp
LU 92.223.20.10:80 wgusst-wgceu.wargaming.net tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 clients2.google.com udp
US 52.224.31.34:443 h.clarity.ms tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 minecraftshader.com udp
US 148.163.69.194:443 minecraftshader.com tcp
US 148.163.69.194:443 minecraftshader.com tcp
US 148.163.69.194:443 minecraftshader.com tcp
US 8.8.8.8:53 c0.wp.com udp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 194.69.163.148.in-addr.arpa udp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 cdn.intergient.com udp
US 148.163.69.194:443 minecraftshader.com udp
US 8.8.8.8:53 waust.at udp
US 192.0.76.3:443 stats.wp.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
GB 18.165.160.78:443 cdn.intergient.com tcp
GB 18.165.160.78:443 cdn.intergient.com tcp
US 172.67.71.57:443 waust.at tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 57.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
BE 74.125.206.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 cdn.intergi.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
GB 54.230.10.75:443 cdn.intergi.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 ka-p.fontawesome.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 whos.amung.us udp
US 192.0.77.2:443 i0.wp.com udp
US 104.22.75.171:443 whos.amung.us tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 75.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
GB 216.58.201.97:443 lh3.googleusercontent.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 104.22.75.171:443 whos.amung.us udp
US 8.8.8.8:53 config.playwire.com udp
US 8.8.8.8:53 impression-inferences-edge-prod.playwire.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 px.moatads.com udp
GB 13.224.81.3:443 config.playwire.com tcp
GB 18.172.89.16:443 impression-inferences-edge-prod.playwire.com tcp
US 104.22.74.216:443 btloader.com tcp
GB 23.44.233.148:443 px.moatads.com tcp
GB 23.44.233.148:443 px.moatads.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 3.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 16.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 148.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.169.65:443 tpc.googlesyndication.com tcp
GB 172.217.169.65:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 172.217.169.34:443 www.googletagservices.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 104.22.75.171:443 whos.amung.us udp
US 8.8.8.8:53 pdfixers.com udp
US 172.67.147.142:443 pdfixers.com tcp
US 172.67.147.142:443 pdfixers.com tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 172.67.147.142:443 pdfixers.com udp
US 8.8.8.8:53 142.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 pixel.pdfixers.com udp
US 8.8.8.8:53 pixel.pdfixers.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 api.malinovka.org udp
GB 87.251.65.10:443 api.malinovka.org tcp
US 8.8.8.8:53 malinovka.org udp
GB 87.251.65.10:443 malinovka.org tcp
GB 87.251.65.10:443 malinovka.org tcp
US 8.8.8.8:53 ws.malinovka.org udp
GB 87.251.65.10:443 ws.malinovka.org tcp
GB 87.251.65.10:443 ws.malinovka.org tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
CH 172.217.168.67:443 beacons.gcp.gvt2.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 c.contentsquare.net udp
US 8.8.8.8:53 k-aus1.contentsquare.net udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 23.21.244.73:443 k-aus1.contentsquare.net tcp
IE 52.19.227.74:443 c.contentsquare.net tcp
US 204.79.197.200:443 bat.bing.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.214.133.66:443 cxcs.microsoft.net tcp
GB 92.123.128.158:443 www.bing.com tcp
US 8.8.8.8:53 66.133.214.23.in-addr.arpa udp
US 8.8.8.8:53 158.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 appcdn1.malinovka.app udp
US 172.67.203.244:443 appcdn1.malinovka.app tcp
US 8.8.8.8:53 244.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 api.malinovka.org udp
US 172.67.203.244:443 appcdn1.malinovka.app tcp
GB 87.251.65.10:443 api.malinovka.org tcp
GB 87.251.65.10:443 api.malinovka.org tcp
GB 87.251.65.10:443 api.malinovka.org tcp
GB 87.251.65.10:443 api.malinovka.org tcp
US 8.8.8.8:53 ping-test-ams.malinovka.app udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 malinovka.org udp
US 8.8.8.8:53 malinovka.org udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 malinovka.org udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 servers4.pro udp
US 8.8.8.8:53 servers4.pro udp
GB 87.251.65.10:443 malinovka.org tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e71d66ce903fcba6050e4b99b624fa7
SHA1 139d274762405b422eab698da8cc85f405922de5
SHA256 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3
SHA512 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

\??\pipe\LOCAL\crashpad_2940_LOOOMHZQSEXATSDD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 14b6fcf504a9fe510bcd7f78c5ef205c
SHA1 4bb45ae5e8a9b9238737be0ff1175d07a9b17d0c
SHA256 2bc613d8133dac4b293da715d1c27bbb3622165e09a42c749aafd2b757c8b864
SHA512 e9fee0b8d8655221cf1ef81ff5e8242b8d3ab4d6fcbebabb74779de77756cef0aeb932a58b37729c58cf16d2ebc4c1adf9d057bf9ee2d8467768f2392d83beec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28a79fa3d16fe97aa1574270fbcf6da8
SHA1 512a34bb3da19b92d9846e55f49cadad1adf8eed
SHA256 460ceb49f1bf749104e10bfb5bb030e4b73867ff335569e8576658889cb7f7e0
SHA512 3daf990620dd868d481dd0cf42ba3a8c71e8bfde226085273c02e0ca7b4a2ef87cfaff2bfb40297997dce5de7ec46bcd46b8e665544885f75755b511f4256580

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 339cd2b2a121d64dca7ad815469a4edf
SHA1 bf80da1fb3724567346eb898a1a1361d90523abf
SHA256 c43738920b1cf6a17cf33a2e67e8792fc74838d68199adb2f3b236c409eca8e7
SHA512 dae37f468ef9a321212f38482dc75fb34077ed39b48c83c8f7981cd275ac2cdd258442e9b12ae86950898e289ac6099bfaf3e12c08bdbdb3fea595c0c6af4911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 d52dc2ca09d662937e3e669200ec0cb9
SHA1 d61e36c11bd13511e35c2221ce2d82f509d38e91
SHA256 288af9448609160db5ae774bb18de8d77e367e51f21919a22f85fc1954140fed
SHA512 dc294f662521adec1ae09bf0e53de9de7ea1f17f8cfa5ed42b1310d0127709e2755d586e6329fcbdd65a10654d5157f895809fdd95bfdaf2c72b704d70843eb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\Desktop\ClearTrace.contact

MD5 3cfbb045282e8a0ef2f13e8268e53962
SHA1 eb8df6508ae8c2639df061e08918bb67d9e8c562
SHA256 44fe247e476cb3e922c38825a5195906844a89436776056b00dc784917240575
SHA512 14376fb126d7119a113b4b5206e53c8d5853af78bdd5d653f4c07196384bae2bda4f493d23604f614b3d349393fa75e05790e025c82488a5ab27bdc61f46055a

C:\Users\Admin\Desktop\DisableAssert.AAC

MD5 a62049e2205bda74075626777421da02
SHA1 220881bc57038eb5d598aa4720f35a5be356a387
SHA256 bc04d479a3f850e79f8d1c9bcf47d97f521b62e4c13485cb701d5afcde220566
SHA512 88e747b3b7bf22486509d375f2adade2cff68852760d863dee91725b88fbaba3ac5faad0e7be297dd693fb2e5f839083a873a47a69e7abf3a17f35e7b887b5de

C:\Users\Admin\Desktop\DebugSend.rle

MD5 4df9f71465ae4e577cbde47fd02a7620
SHA1 c47ba0e72f4182cb25f2874642a2e39d4e0a07f6
SHA256 cae5e9c40597a2cf6c6e3e880d4041f79b31f63ae5f63d6d48db6b2c434aaac3
SHA512 c0ad9f2d3e49cc5a6dc98e4ee8f0b0d7213219d4682248958fc2fb9f199c351a91d1c40ac142af6e34ed28e43844f051d83d9efd9fcae86e6a7d0249cdb92203

C:\Users\Admin\Desktop\DismountPing.ocx

MD5 efd2e9d764352022f39709298f266ed7
SHA1 eb5483ead37aa214bbe879ddd6c550dc23a43083
SHA256 b4bf4f602ebdcd3c4a13ba9a94a0e659a8108494832d606d1d1a107677450742
SHA512 2128aaa80865fc05e92ca9bbcbb2caf9d05925652f77e2cbbadaf88042cafca2503f94684cc747d3357d3f002b14d4d0ee6c98e3b5294bb879bfe622abab9d67

C:\Users\Admin\Desktop\FormatSelect.wax

MD5 12efe5c0e9826b1a508d71a6312027c5
SHA1 387c063fc6f9f234b33abd05803a3094aad0216b
SHA256 1118b0304165126320aea6943210a0c59a2c607f8f6118a9a0a7b0f867ddac77
SHA512 a3249314fded8766c474ca01d9c684ef16389cb72c69787c9b99d63ed1461c6fa19f99be0b40e52dcb008bdf214e8af9179476e43d462b0ed10e331b4cd37763

C:\Users\Admin\Desktop\FormatPush.ps1

MD5 c0ace0fdeeeca99e77def5d473aa6511
SHA1 215ec638c5ef849a97ac1efca406b00eb9571e45
SHA256 8c460f135f0dc48757944b5eec5b6f13f6bed2b4fa659e6c492801e7734eb795
SHA512 9dca97382f1e223e0bbd256650b8daee220f34466259a71b0b13e00b6dae19aa0fcdf470879e5b66b870d500b88dee12b47ebe76418d06bb4294575d8f03f46a

C:\Users\Admin\Desktop\ExportGroup.txt

MD5 6e9c562db926effe74f2995f91763eaf
SHA1 f45e25215b8753487d5ce219161eaeb4d16b158f
SHA256 4cf82738e9b44a1bde2518c14a4ab1fa6322f2a10b0a1ef585e9667c30928dcc
SHA512 605484c8f74babc542c4005a8f9ef119aff17f16493b6defecf1e806c9505d5a0905771df70ff319f118b9c2ed07c7b75dca3344024da05b092d8cfb0b979066

C:\Users\Admin\Desktop\EditOptimize.au

MD5 aa4a102646048e2f728bc3329ae8cd13
SHA1 1f6b3375d632842b1ed8294549d016e6dedfcb55
SHA256 2ad30fb1104955285151a966237664dddd98e79396a9fef528c55252db78c88c
SHA512 64faae676860394f2c76aebdc907ecf5b22a6ae141ee6ff14682cafad628f97123aa46284015b1af7c8ba604b7447af77f54e4e9762d4ffabbfed312fb1533d2

C:\Users\Admin\Desktop\WriteOptimize.wav

MD5 5674004c8401df5d0668937171e80be9
SHA1 59645d4018119f9bbcbd2185f2f6a4f6f1ccdbdc
SHA256 3fc6b390420f2f548208a8688eba27ee9fc63bbf6de371ee86f7a30010b20d62
SHA512 66e1ab9654a6dde4e3d69279906277334c77c3000483e8812fefd83185b4d0f43f08fcdeb9e6f1863c647d50dbd4675479857f1d392abc75f8aad4658345768f

C:\Users\Admin\Desktop\UseOut.wmx

MD5 bf41f388b5660e66b50ce68a312108cc
SHA1 5a8be59cd683514ae8f61cabdc474ce88dbdc23e
SHA256 3d0da71ddb4ab4d2329d5d75db597ceb75dbd27176cad902057b52cbe48c5413
SHA512 7ec957d5bf2e7c618dce4b6eb5961f83afbe11a9597bac89ac4a7b48701da0f54d63d80d000205f038aee35a91e2c0c79d5b6fcaf25497c1480abc7a9bb3d3df

C:\Users\Admin\Desktop\UpdateOut.xls

MD5 be58fa46beae39c7dccec02fd83298ee
SHA1 f0d00d31a5d957987c8c1c881d6609d7cd82ab86
SHA256 d02984fd71adb76d1573eaa7fb941bd01704660c87e347be5806780e235c9f9f
SHA512 f5b62d806ebd8cb7b860665ce522a7aaaa671f3382b9706eea1ca06523965199b4f9b32dab05f6e83a633a31a74dd6c3ccb9bbdb8f426c881e259fc9d3727d09

C:\Users\Admin\Desktop\SuspendPing.zip

MD5 c988c5f94636b81405e85b0ffe3b8a14
SHA1 727b2a0aded68bd54b19b28d787a8797d22d7a11
SHA256 6373d15a7feed92750fc81843f2c27df01c031cd5ef1045070c7f454384bbf86
SHA512 5c5af77c55023aee455fdb648c6abc612b5469cf4eb435401b192bc341205ee20d1bec8caa71d098d875a5a3ae6f8b4637f9d113d1448e1909cc1b132be5e5fd

C:\Users\Admin\Desktop\StopUnblock.mp3

MD5 42b0ba14070f179dd3985b7d13fb3dcd
SHA1 7448689748e2f8248734906b4ee8b94bb791ca02
SHA256 4617abf073cb39a073d7d04a6a21eecf4ce861c27b9e029c25e168fe412a9363
SHA512 2d397543edc39bcfa8958eefdb29d2272941e238e500ce08a73cdbe1d8455eed999c149dca2fb64005e331be58cb55a1abea5819b54273cf420377b32ffeabf1

C:\Users\Admin\Desktop\StepClear.mp3

MD5 3782dece4d7f1470d16031d239f114aa
SHA1 a5ec27904a346f7146e6e8435ffdeb68103946d4
SHA256 72de33cffe5bf4b3be1494a9062986031b47642e2883e230c49e7ae7cd98eb9b
SHA512 8ebf4ed23d044fceeb623dc9b400678930a77d3f809f57c0173ba97551219df6389c08b7f7c5ba96d2ced7caa1be912178d6527a25d2cb151364266cfdfd0c3f

C:\Users\Admin\Desktop\SelectGroup.midi

MD5 97c6df9548a51acd26d6736b17965d6e
SHA1 4f4ce3cbb5242e9e3bfde3669b1883de55a56af3
SHA256 f80ce6c9f0c4e548f041b54ad11541f505f20c045efc72ed4b04bd38652757ba
SHA512 aae8cd1071d3238da1033aa34d4810393ef83b68057dec04c9c7400245223c63f3835bd9343405da248ac95b29a2da79fad352936fd1803db2160310d75a7474

C:\Users\Admin\Desktop\ReceiveCopy.M2V

MD5 6a29fe34e3570bac49b610f323f51cec
SHA1 d501c57bdbcb6d303c10c122837615b002275d8e
SHA256 96023e45ac5d8e6bfe3eb3e9722944ebae121a634ae8f351048a5eefb5307f2f
SHA512 4094ca42e308b27db6324c9b620af038ff196de045b7cc06db98447cac273c8398e127e6d50fdb8fa8710beab1986a5ba9034638d01040332f8572c56c581e18

C:\Users\Admin\Desktop\RepairProtect.mp3

MD5 4d1736d2645d5beb431c397de6e7282b
SHA1 61eaefdb1022deee7fdbe3d724ebb9299153c8e7
SHA256 5cff0354e688c230ee86cea34c69a544b12d17b5a50a2313ffd90a58cbdc3c71
SHA512 4d544e6907efa5b43bba604a75231af2c6de888b7e469f823356a534c27e07a4eb77e590615d9731f60a3208e442dc476233595beeb6c83d8e4e8185b9a962fc

C:\Users\Admin\Desktop\PopFind.mhtml

MD5 172b366cb9a183bd56a50f08fdec6a65
SHA1 3fcadb05fb389dd7ddd19b6428d0c9af4a8767ec
SHA256 b7de62f81a9b585e348343cab47faa032591d12911ceb8988dcf5ae5a496ec29
SHA512 54ff495ce0ebd090007ad8671318149d98d17f85f13327b07f1b63073fccbdbd4ec1fb2f4a17b8c41d1c8543ebb65e37f44921abd2699ca945a4a1d4c3b33c82

C:\Users\Admin\Desktop\PingSave.tiff

MD5 c2f8bd2eae3c0726cadcef402a527ac7
SHA1 5adc17ffb08d423bf4cfed47f9c9996698efc339
SHA256 b7fece23faa3c389f4ce353f5241ffc3f24a327fae25b4b6cc60b6fea1eb513c
SHA512 116d42d1ac8e498176a9f9d584383c8dc7b2c7805e6ff6df6b4df6224804211fb2627d506b29b49554abbdb8e65212f4878e5fe0f0c2e6721845e787a72d249f

C:\Users\Admin\Desktop\NewAdd.xlt

MD5 b157738b295fa9eeaf3c8a9db01d004a
SHA1 f9d4587bd0d38b7c44bb1c90773eb9b0524fd84a
SHA256 49ae8ac44342d91d0e94a277b273258c5935ab4dd827776c06e46a895c240486
SHA512 60b36807c5ce681aa5a73fc52a09e6e463239f120aa087a5115efdf5ed0bba4519e08e016994ab610498f121e6f8129cc71b250670929fe9387a0ca965998469

C:\Users\Admin\Desktop\MountCompare.3g2

MD5 69813a34f1394eb9736d733b1e9af2cd
SHA1 e08eb84aaf3c967f1238a3f7080eb3c22bf671a1
SHA256 3bf6ab58d9f130354ee790cbc9878a2474307cd971fd2feb3c29f281f5711b66
SHA512 f4ad6dc4b485244d47975ea36f24c9ff4c306d17e3a899753f33c7e9968a67b7cce6ea7bb09ec7c16baf3cb428b1147f106cbc575704d8409786114fe5f8be50

C:\Users\Admin\Desktop\MergeJoin.dxf

MD5 f60b14dd4dae21d239a3ad90b9cb864e
SHA1 ccba7aaf6e322875ba58f694a54a7c70a3445117
SHA256 754e75f2ccf343c50e473e6ac041a07cc45618405f66922396a5d74a5199c741
SHA512 ce9d5d8a5f4fe1f865bdc29046d7810e64c012ed2291793f8fb3b9f317087ca5bbbdb0bca1f792fe58bac7a152f8c434dd9515aa2845666db01520898953f43a

C:\Users\Admin\Desktop\GroupTest.dotx

MD5 f7f4a2e5f32f834c77e3b5be161f997a
SHA1 03f762fa22ffb9c5ee30524d1f4dd1403e270681
SHA256 85f2cf4431fc886f85127df6203dbb16f9fe952ea2837b0e81979986dc7283e5
SHA512 14e290546fe2c1f50daf7c175a014727bb77b5381a51751ce5b5de7f1467dc0831740bb175fc86713c115c435af82318952a87f600d186b8688c6d3bbd5e5518

C:\Users\Admin\Desktop\GetRegister.m4v

MD5 1cd5e029907a228aa9578461bf745e44
SHA1 17493ca188efafbd4bdab4a422bc3e33fbd3c529
SHA256 b90297d9992d5c2a544e5cd7f732eac33f81f8ad75dafe23a3aa9166fbb8e1f8
SHA512 506f5ba0bc7837cf5ed5434ee2189b637364e0d1eee67517057a5654a24df0c3fb896982744fd7f81327e4f769f8ddbb022bf5fb1ea269ed3cd8207644f48d7a

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 d4df9e664e813a3697fd85c2a58eb602
SHA1 a656326def490f285a13b8a1cfb7a3d8e7349c97
SHA256 977c070b51aa82e71cc0afd054afdcd17662cdd072ab78397a44ab11855df6bd
SHA512 96154c170135416b61234ba4358772b46fe5d17a4e75c4d5dc58f93caab75e5bf37da40e69e3a167fda5050b19f5dd1a76d9c1c43715a5b362b943db6fabaf69

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 7a8375a41ee2bd03ed5e64d525e2d5ba
SHA1 2f1f3a6aa5ba172084ff2f54ab8d9006f2af8b4b
SHA256 13cae3978652beadcc5c50d1944d6c380d3862218fe1a528bc27b1e0fead9425
SHA512 a2fde62987864dde30c8e0798391643d98bdeb9c3478265bc925bf7bbecf7c145e8d0645ddf6f7425872929e25f48060228f43560d540aa5fdeac152620c284c

C:\Users\Public\Desktop\VLC media player.lnk

MD5 be7a3ce89612328cbabb809c6169dc92
SHA1 44de4fa8f3ab1cc0cc97a6f9f1cfbd68f360fb15
SHA256 cb16b46c1fadbe749975e4be7e34d25e059643eca019ed27ebb668b5e0552fc6
SHA512 903646559b557e4da28ce56b949e89b9858eca58301c2a017f148b19e8fdf965f8e04c8a2c6edc2a70729e8dcb477c4b36c1040c6a2316abfe1a943d784f77b2

C:\Users\Public\Desktop\Firefox.lnk

MD5 51fe25fca51e9a19865116377e2a576d
SHA1 f3ecee979abccf314b12b1f16e475f2bc4527fc4
SHA256 cb944f399fd4a86803f74b56e890cec575808174dfec0537a3f508df067fb514
SHA512 3683cb6d05a4b5598339ae543d3c65ba1423837e448fd178b2b4f84e8a5df9a07b0a51d087224da0cf0f87d23a4924c5b0e9cc4c86bd20639bcdb6685f4a38e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a1068ce59c9d26ce6d50dfcacc679c68
SHA1 7792b58b49bbc66f68e244e0ccdea82e01161fc0
SHA256 84e6eaabc5b8b1c3e083cc69453fcb600c76d8c48dae5d19c06832b6906a709e
SHA512 0f4e6d51ed43661d30ff570cc3c941904fe064df931a4ae377dcdd4514b786e073c60d60db8c2efa67934a0b7d19566f16dea6754abc0ec11abcec7285d5c1e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 96b159c997955ce7e16003cdda0cafdc
SHA1 d69449001ddc6f524b6502710dbb1dfd66d9213c
SHA256 af6d3fdeb444a396db47097c0f5d9d89af9d80453aa947c0beb379431007bb7e
SHA512 b4d3e6fbc8e6f26462f189a7e831cceac0a20e614a94cf6201a32ed1b018e0fc90717df896a0c6e3df8d699cae9298618a4580f1ac1005f719a960c151995cda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8934b9f2d26bd8e62c277614651de996
SHA1 50ac1e5e5ab0db62667813c1c9bfe9f692a89576
SHA256 e79ff289774b70a5b17a10a58ae27decbca1d89ab601275f072d1051674dada3
SHA512 f60c1f9312a4008e5fc54d61b119ad6f97f1e37e1833a5e47e93b4962ade089dc7c1d003865b0527668bbafe34d2f84c9b8bc05977c45cfc79bceab58196e9e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 bab18cf54d7adfe0302e5075c67778f4
SHA1 f4c86f9f5d4a2a24eb380b23c2d53d9c96189199
SHA256 8e5082037f3cda9bcd8073434af7483e8470c607a1e0affd5e9eb59aa7499e46
SHA512 3b1017eb5dc5dc4069345982931a5d5f144357a3c108e47d0579af9b476f4e5e430ef9e45d8cec19fbab6313d4e54ce705816350cb719aa929277c222fa3126f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c407eb6ea515724a44c9a32d2991f7f9
SHA1 f81a2bacd21e1de387f14152e5a754a1e72f1451
SHA256 62c5acc4c76a161addc0081ba6506e399e7284a3edc843497f1b91ba13a8e87d
SHA512 fc2343e82bc2a1d64fefd316e76d53c45ccdf5e750f16dfe05fbbd633eebd18da3c6e4105d0f791339a1f461adbe3a6b82f57d1ed06d5e07781afe79c66e7417

C:\Users\Admin\Downloads\Unconfirmed 614356.crdownload

MD5 8116be49a2e46f77f7b3a48fdffa49a9
SHA1 745150a08133308183bf8dea87807ef5151abef1
SHA256 b52ccdf58afbe0fb5334fb2d390f888c8ff23bd1b143006d08f6b01e95c2083c
SHA512 5e3125eb12c1163acf5b3aa308c8036df7f842abea9fc3a47729f1876ab8ded5b8e7d015aae068741635fd42fbf19402eb17e03c5b5e986e316a10bf708b9190

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c59883bd39a7ae0afa17ac16a8610338
SHA1 b10ae39a95d2c3ad5ae2f63ecb8d3fea66f9fbbc
SHA256 fd00528d67d888326ebe193af66f49199b22ff795f23033a14e05c731a72c14e
SHA512 de92b67bbf167bd8f04fd84481692c12db55ce860121b28e0642089cda0b23444d451cc6418afe7e22a8e61fa8652dbf9818e887f1d4454d8f84d889e0246a70

C:\Users\Admin\Downloads\AnyDesk.exe

MD5 df253cf5d020da16ab057affea8c518e
SHA1 6267467e3db9a01ba34b61ef389ef0043536e55c
SHA256 38ebaaedd82aac60eadcae52a85b93d9c7e95712ec76ea83ac57ac8bffaa9288
SHA512 fc114ea3137e6cdad816e32b113f1ed7e4cd53ff05d1b80784a8eafac95772d399a470ac2217ff410f528d687b0fc7c29ee36a0cd9e1f412cd611d22da254e66

C:\Users\Admin\Downloads\AnyDesk.exe

MD5 d39184dbcff1f34c0346b49e07bfb1ec
SHA1 76f2a125e0a08150a499173b0c4c7432e1349778
SHA256 40ae29842f7d4702fcc6f6cfefc248d1388a6f27018bcc276c9f2247e7490f51
SHA512 21795386f522ccc110745be71d499759ffe095e3dcc17e0c92a1568645682ed1abd1d3f63f085249d53a5b42ffbe2529c99f036fd7eeaa5e9434599c7bae0349

memory/540-545-0x0000000000960000-0x0000000002097000-memory.dmp

memory/540-546-0x0000000000960000-0x0000000002097000-memory.dmp

memory/540-549-0x0000000002180000-0x0000000002181000-memory.dmp

C:\Users\Admin\Downloads\AnyDesk.exe

MD5 26a38e569c66f22fddfeed9565334756
SHA1 50e7cd0ee42a5caa6a0cf76128bea97a0f116af7
SHA256 f1b3a6f4f6bc2d7e66b72d6fc1c4454c971c541367ca1e7158a8d660069dc046
SHA512 5779a58d0a2197a8df4bc474249c46d23232c16b6d4f3597aacbf91b5c78ed0c393e689732b4b846bd2b3ff807e8753e6a6cd0327cb07c1ff94adced8f8bca7e

C:\Users\Admin\Downloads\AnyDesk.exe

MD5 7d3d1795708c9fa119339f9361afb48d
SHA1 9212454a4bd0de46174bed7d400a0794983a4965
SHA256 cc81ac0bf9c4aee7d217d4715377f6d59d728b714c134711dfae981454f180e9
SHA512 aa1a7d67b741268d51466f65fe84f528d77cbb1cc972f9a47fd54598a00ade3c1b58102cb081258652d80d11dc8922d5773f46a2f09de7f4ac7c9799e8457fe1

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 2e2d21e878fae603a5a70139a9563cbe
SHA1 2a2b69c44e33ac974036ed17530a996a4b9793c1
SHA256 4eef449fe1a25ac348df2a5325e2a8d2537642ab6ed6dc3069dbad4131727cf3
SHA512 713ada9371f0151180b6fe6b73c04b2cc7751ca96067644be867e90348e5ea9b6fa6b1d86c5c2c49a6835ae2ea40122d91a414bd44676672060c82a7f4c9e169

memory/4380-558-0x0000000000960000-0x0000000002097000-memory.dmp

memory/4380-566-0x0000000000960000-0x0000000002097000-memory.dmp

memory/540-568-0x0000000005E40000-0x0000000005E41000-memory.dmp

memory/540-570-0x0000000005E50000-0x0000000005E51000-memory.dmp

memory/2732-559-0x0000000000960000-0x0000000002097000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 652d382f197ff862315634988442946b
SHA1 893f435e64c5eb9e262deb764a50beac0d33f61f
SHA256 1dfedf76caf15fcfbdbb4db8948d5a6fc46fcf2a6dd56cb94c5720e8ef0a878b
SHA512 41bd7263d99b3cf67e50270ddfb55ef627c376b7c9ee3f7f6e0eff250350ddf2e5a3c00a302e2806af5c1aec47e8acb2c7ce3eb3ce62f05d55d2bdaa42f5fde6

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 854398fdf3b8a840f7caa488dbdc34ce
SHA1 2827a35d4f4fd706f6034b4b96760d7ad2997091
SHA256 f12f19eaf9359851fe2240ee9481706dbf9732267e9ca4e7c15a2b8a6833071d
SHA512 d6f33f4e5ab50d05f803cb4b15474cd28747a4bba3c47912f8bdf04a072a1b05a97a4d11e4ed40a89d35dc558a24fb38e9ec1cac8f1624ddc0f371fb882d16d5

memory/2732-578-0x0000000002590000-0x0000000002591000-memory.dmp

memory/4380-579-0x00000000024B0000-0x00000000024B1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd11c907ce6e68a9551bb3b9c2bcccaa
SHA1 49c7c917241b84a64cb1028f9a245f45d52162bc
SHA256 8678e29fd4952a2072fd64987fb7a656774ad92df691c3fec0de045d985898ee
SHA512 87d4ae6614351c8d315eccdecb6ab235db17770e08b484874ceacf9b82a189ba30c4343f362e27576994858f88754aba5951421e499a52c47c03076672842192

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 65763351fcf99f8fa120ff15b6b539da
SHA1 4911bb3e99936b81370650241fdff8e942b384aa
SHA256 147336b9a9a5abcdabb9b89745fe712502fc52124294c324a7222a2f4716ed76
SHA512 dafafd3b949408538fadefb16f84c585f3d26ea008df9c9afaba60fcae6afb64a315f8d3b20afd5ea67fbd9ac2c332a532dabda7140ba5a16d8f9a70075038fc

memory/540-632-0x0000000008420000-0x0000000008421000-memory.dmp

memory/540-635-0x00000000075D0000-0x00000000075D1000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 2b80b0f53744f1edd4cb5d22e99bb72e
SHA1 820b85157c3ff51dceb7fe77d422a1d8d0e98689
SHA256 b8f0c437382150bd830268d17ab7fab9ec4d4370e3e20df3c78162dbca9092be
SHA512 b7848f362718938325cfa19ae0ea8ebb9ecf96b91880f66b40604658959e9944253d03bd11fb094d576e8fe5f9e2d674beb2e644d301e65de54ece4c0fe52137

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 b1dd1443a288997d9bd4aac498315db3
SHA1 1fc8af7a1ed208f8ab6fa012e7231c865685631a
SHA256 b53037459fbeb16dc41c05d1a74b764d68b3a88ddc775313d9c48d35af9c56f3
SHA512 49a85bd85b6d9849bb474589904be0dd6890877824f356489618c89b94e6ac48b5967719815300f9706e54a76870a6885addb4abc7547db068423becceb9dbff

memory/540-747-0x00000000075E0000-0x00000000075E1000-memory.dmp

C:\Users\Admin\Downloads\gcapi.dll

MD5 8400d46d15f67b9e8c15efe188fa7152
SHA1 71cf9eabfbb401bf9c5a6c523a003144cf493ea3
SHA256 c2c7e8b24d1e92bc56e3b67c05872835c284a7979a95961068b26c1150f71220
SHA512 27231c3cd65ef2a4dcfd16c054f827ed57ed14b6c0dd403163d1022f0b039d6d8a56f0b1fceaad66bd14e275a777b7c1454cc11bf93b5c0a3c0cf11fb13bc8ab

memory/540-756-0x0000000008900000-0x0000000008901000-memory.dmp

memory/540-757-0x0000000008920000-0x0000000008921000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d08a54777feac018876634b5faac4079
SHA1 ac8d2d7e7f0af57cae75e217bceb0c70ff9d3605
SHA256 2db0e5f96235dce96ef7551dad1cc41810fc0c09fb37f4f79bb9c6c48eaa1ef5
SHA512 c2dda7037ab015534d2187ab036ed1743b7e1b99ca9538920a8096f4ad48dec358bf26e85131fab2cc1556d9fad55a7216219b8aa91ee7218dd9891848832a19

memory/6012-774-0x0000000000960000-0x0000000002097000-memory.dmp

memory/540-776-0x0000000000960000-0x0000000002097000-memory.dmp

memory/6012-777-0x0000000002930000-0x0000000002931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a9832c435ff30fefd8a4a10cfc0a7ab4
SHA1 1cb4efc4889fe8b16dcc7736a37e3d7817e4135b
SHA256 eb318acaec209bbc349d41b080e19e20c173b3c8fb769a36c053706672cf6e89
SHA512 aaad872790485c53a214b7f87021302d1c2c40ebd4b25dfbce46dc5c1bfa53332bdff120d77dd867464085a22a33ba8b0e098e6cb293efc494628cce5c814059

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584ff0.TMP

MD5 38572b8c0e8a5d7c6c176c3d47ef8b71
SHA1 e54c8f168edd6fc92e7a754bb0bdeed920763f66
SHA256 6447c2ef561c4a5f6c0d6604cc2019df2b60c3171a99ab8a0aaca1eca3d361d6
SHA512 6318dab0e6baef87dcd092555e97e98849641ce00e9280c790645ea6d98470933d15ff7d13ba849addb5ec7546764276d9c4f06d64082591e92ffd75a9374fb0

memory/4380-788-0x0000000000960000-0x0000000002097000-memory.dmp

memory/2732-789-0x0000000000960000-0x0000000002097000-memory.dmp

memory/5236-809-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/5236-811-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\ProgramData\AnyDesk\system.conf

MD5 ee89ab5825f5e1ad7387307dbe1ce931
SHA1 cc59c604d636bda69cfd4f365908347acd7cd024
SHA256 a52432c59b90a5023ac0674f3e58b74f0c977421cc76ac37e7a41eddc076c507
SHA512 c0135418971d54ee235269128a2b0f88082e711566b82efa6f331688601185b7fda1d66d9e03274169975ebc61e1f43ac239cf161395ba30f41cb2055faf5e79

C:\ProgramData\AnyDesk\system.conf

MD5 7d9996ee9d05d60f2437d5dc9921b257
SHA1 7db62a2899ee9c04040e12966fa9157636dd8c27
SHA256 d7eeb8a518da0d83ae71ac95d696b8e66cce1bae1f86741f6458c60c7104c27b
SHA512 20e74dddc6349706f82acce68740920f13ef2e45df0fa393ffafe7d3dd118831b9799891e36d22ec208d55eb718486c1e57eba061b5267adf8c26b2176a38ba6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

MD5 99766b59e76bd42a18d188f34f84a428
SHA1 7d6ba6c79ba509f70769a1c1832a37acf37068e9
SHA256 35237ae60e8983e656d6c1fc4a4fa6361136af3c760226558985a25d193cb0d0
SHA512 874e0282c65491468095fdcb5f733d21b66b65c2314aa14f9c5cf94fcb69a31a228dcb7f296ef8693989ba5e595457f8ae1e1a080ba75ec83521ecfb626c8648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe585724.TMP

MD5 9222deafa2554e87fcc6718670113f91
SHA1 8c97df1623dd4f902dd9bdce5d89c97cbab9ec9e
SHA256 5f14c81a534c0dad400bc16513ee7cb9547c59f9f2eafe92d5bd599bed3b975e
SHA512 1a963efff65440b9ba94a530446ce3457a31c3be8bed52cdadd5171a212b818466cd0b14610a828e7a3c94e8b389b663994bf4d15968686dcab2d21e6688ba23

memory/1216-909-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\SET57C5.tmp

MD5 d4ca3f9ceeb46740c6c43826d94aba18
SHA1 d863cb54ad2fa0cfc0329954cbe49f70f49fdb87
SHA256 494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c
SHA512 be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\SET57C4.tmp

MD5 e0d32d133d4fe83b0e90aa22f16f4203
SHA1 a06b053a1324790dfd0780950d14d8fcec8a5eb9
SHA256 6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4
SHA512 c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\SET57C3.tmp

MD5 6d1663f0754e05a5b181719f2427d20a
SHA1 5affb483e8ca0e73e5b26928a3e47d72dfd1c46e
SHA256 12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3
SHA512 7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

memory/6012-912-0x0000000000960000-0x0000000002097000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\SET57C2.tmp

MD5 0d7876b516b908aab67a8e01e49c4ded
SHA1 0900c56619cd785deca4c302972e74d5facd5ec9
SHA256 98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753
SHA512 6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

memory/5700-914-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/1216-919-0x00000000021D0000-0x00000000021D1000-memory.dmp

memory/5700-913-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\SET57C1.tmp

MD5 b76df597dd3183163a6d19b73d28e6d3
SHA1 9f7d18a7e09b3818c32c9654fb082a784be35034
SHA256 cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33
SHA512 6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

C:\Users\Admin\AppData\Local\Temp\{b100ab85-c26f-1d44-9714-073e9c989ca7}\SET57C0.tmp

MD5 1e4faaf4e348ba202dee66d37eb0b245
SHA1 bb706971bd21f07af31157875e0521631ecf8fa5
SHA256 3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d
SHA512 008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 46f94caaf8ae36bc945ea7523d8629a8
SHA1 66b381c8d9b039239bc80c4def73b7c96528136b
SHA256 bb22ff240e1b986ea8298b24b20b8b35f17ecb9057b2c1808a95bd041926c43e
SHA512 b875707d7025b5a137ec5d596ee17f7f984665849e1b3ef5d15d5d8384a040df8067c8f7b96c0809e6af476366bc5d9b10fd00854bdfc63139b66ba3e961e106

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 acf827526acb91713cc3d5d2d72cbc03
SHA1 99a29ed715c4bf5bdd29c60f82ecf095496186af
SHA256 ceab296e0d2fd763760969d6fcfeb1db0d934e03f9522378ab92ba725a18df56
SHA512 8343baaa047514bf9e3075eeb8033acb1ec95fccdda4d57a9f332f66c92fe7c686a2813780689dbad0399c9f75d3006470d462be3f15c19c9954d96eb2ccb5a9

memory/5700-965-0x0000000003C60000-0x0000000003C61000-memory.dmp

memory/5700-992-0x0000000005F20000-0x0000000005F21000-memory.dmp

memory/5700-995-0x0000000008080000-0x0000000008081000-memory.dmp

memory/5700-994-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/5700-993-0x0000000006380000-0x0000000006381000-memory.dmp

memory/5700-983-0x0000000005F10000-0x0000000005F11000-memory.dmp

memory/5236-998-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6974a015d24099be4dd969e1433820ab
SHA1 fce119873dacc2985d4e6fc886ee99f9337d4663
SHA256 700a8d213ff18e227e1198500195c70884c908c0bca7d71f66ccaeb7248399c0
SHA512 e4d75592dbdd2e689b0cf50ac620ec03b4e82cf1c269935793d6fceb39da9ab212f4c1308a135d8fcda8c33165f493d1bff9b938bcb47c93f187fc13c621f4da

memory/1216-1034-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/5236-1035-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/5700-1037-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0e10cc223ec08e6e2583bfdfecefdf7e
SHA1 7a3d371cbf57cac3229e73f5725bba223abdbf68
SHA256 529a3c4ffb49e96eae619f9dde12635ef1f8bae6e1eef7111f7beade8bd58909
SHA512 efa5d38e98f0fbed74e9e7e759e0c2527f0dd481f0514fdbe1b3bc13c4f4702735c5d56d9956bff2738f5f4cbd25c67ab264dc323ffe9e37257644033d44c62f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de92256da2185bfeedd90d116ee86617
SHA1 5fd391bc117e18c3a8cc21663ecae66e45595734
SHA256 f5841ca37c711fe4c48d92c73e99423a1750d62c70f12760be8fb75b23eca39b
SHA512 00e851e810e5ad5a34850e6caa1f2ab03e8994cadacc30776e6c90beeb18bd9440963786683f1bf0df5f2e75fb24325d9477aaa6207112d2f6354d925a56581f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3f81c19244e86ab101ecef144d80e5b0
SHA1 13046b2debf3e014eece144452e35e461fd8cb16
SHA256 8564ed45cbebeb8b5c30c23bcb323dc931d962dcd56d01d47f7a35782d38c1ab
SHA512 7475b33d583e88f3e4d8838f1417c1c164fc2d8882f0b4cead2a5887ac982c69c516f2cd753fec852a54071592d09d9330262d3c5da5c01df1c054f1f01b4d65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f6153d8ed1dca0826ebc2d40fe06acd8
SHA1 6a33caa5c94185064a0e1246c06cfef2a21656ab
SHA256 282aedcb6a044a6be4fc9c4fc6ccdc9fe755620bef719b095329231baad36ade
SHA512 aa92dbf19ebff8a57ebdb9ffa9331e19ea588280adade3f294d06886dc68fe885448b3e4d09f01fb4683da7f48a43b4b8b63f7cc0d813d929e0da7aa77d13bee

memory/5700-1173-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/5236-1177-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/3656-1178-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/3656-1184-0x0000000002510000-0x0000000002511000-memory.dmp

memory/3656-1183-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/3656-1190-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/3656-1196-0x0000000005C20000-0x0000000005C21000-memory.dmp

memory/3656-1199-0x0000000005E60000-0x0000000005E61000-memory.dmp

memory/3656-1212-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/3656-1210-0x0000000005F10000-0x0000000005F11000-memory.dmp

memory/3656-1211-0x0000000005F20000-0x0000000005F21000-memory.dmp

memory/3656-1209-0x0000000005F00000-0x0000000005F01000-memory.dmp

memory/3656-1208-0x0000000005EF0000-0x0000000005EF1000-memory.dmp

memory/3656-1207-0x0000000005EE0000-0x0000000005EE1000-memory.dmp

memory/3656-1206-0x0000000005ED0000-0x0000000005ED1000-memory.dmp

memory/3656-1205-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

memory/3656-1204-0x0000000005EB0000-0x0000000005EB1000-memory.dmp

memory/3656-1203-0x0000000005EA0000-0x0000000005EA1000-memory.dmp

memory/3656-1202-0x0000000005E90000-0x0000000005E91000-memory.dmp

memory/3656-1201-0x0000000005E80000-0x0000000005E81000-memory.dmp

memory/3656-1200-0x0000000005E70000-0x0000000005E71000-memory.dmp

memory/3656-1198-0x0000000005E50000-0x0000000005E51000-memory.dmp

memory/3656-1197-0x0000000005E40000-0x0000000005E41000-memory.dmp

memory/3656-1195-0x0000000005E20000-0x0000000005E21000-memory.dmp

memory/3656-1194-0x0000000005E10000-0x0000000005E11000-memory.dmp

memory/3656-1193-0x0000000005E00000-0x0000000005E01000-memory.dmp

memory/3656-1192-0x0000000005DE0000-0x0000000005DE1000-memory.dmp

memory/3656-1191-0x0000000005DD0000-0x0000000005DD1000-memory.dmp

memory/3656-1189-0x0000000005C00000-0x0000000005C01000-memory.dmp

memory/3656-1215-0x0000000007DA0000-0x0000000007DA1000-memory.dmp

memory/5236-1216-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/3656-1217-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/1216-1221-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/3656-1223-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 22c699e09d6996e68887c8017d659a20
SHA1 25a728b2ee54c27d87a936732ab409033e3049b4
SHA256 343cc825b49c73a6b0b5cd313515094d7216584aaad0412906ba78b8c3020647
SHA512 f8a444ce13d21c201aaba28c961b42d0a50da717ebc7d6ab50b57a0dfa62ea6a65a32f182797172f15ead5e0e1e0b17fbdbf98323b02f7a6ff7258f07b4e99d9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 04d41d94c4078ba7fb8209088ea30610
SHA1 293027895deb6ac7094c4e716ee9798256cab2ef
SHA256 1f0d4febe07d4148aedf470baf3126b67d9f3cc101c44f9af8433bf56b9865ee
SHA512 8d4dcb8e7ae0b43cac5c93ffce30f70ef72950af60da7f8c7706a2fddb7270eb501e9d99f508396ebb09ee16444d393fd94add8893737b63840e5943616d4813

memory/5700-1258-0x00000000004E0000-0x0000000001C17000-memory.dmp

memory/5236-1259-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bb2cdf82802bf69b297c9fae3fa48e85
SHA1 f26dbf7984929197238377b2b3e37f974447448d
SHA256 29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7
SHA512 00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c86988a9-67ef-4439-ac3b-9fdada100108.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

memory/3656-1269-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 122425ff982ba1922171c156d1946164
SHA1 d813e72379ce722ef5775efd4a8e027c3ef8a2b9
SHA256 5414d36d9828e52190394a451036bb351c0f0fede9e489248b4440b4d202cb33
SHA512 170d695fc2cf00f435dd4bf536989890dd14766d500c4e5aeaebba9df5d30b9b8fa206e1a9fc0ea874d9010b826c353d5786c592db48d56952b6fe15f8c566e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a40445e1a5e5d4bf5049bff90ed11855
SHA1 58ace68ebe69edcfcd5d497560209476e67a089d
SHA256 80d28fd2c8ada72f509f3f073b35d69ecb205da739326f1903d9e4b7ac023b77
SHA512 d558395b84616ffd088781528a9352aeaf286bdb89b0872f9c8e962947a41959bdf69a55859a93586716a4090391a339f2205e9713ac6a7d25586ab783d26bf3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6991932420d744946e63f37d7333dab6
SHA1 4bb5fc1b8dd60b41cdac81a94b372dc65320b67c
SHA256 1bc71400d71ac03bbce485a398225659409115053613b043e9415112c005ec5c
SHA512 d410b6e9fa620ae088a0518a5c93adc0b846d769a72bd16e18dfdbe48179acd801e11e96abf14a987725d9777bffdd91b05c1c98266ae8c5f2eb00c20b2ea1f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9a12f9bf7e720c79b81ed670e585ddf4
SHA1 7db09c4f83c6525023a310fe3fd54ba131c36a44
SHA256 3951673881156b1a96ca3c6504650f7f5a05993c472f5e9fc636b0d20e512273
SHA512 51b83464d5f6804caf7177de4c2d928a54440be5f0ab81870a67279e83f8a0afca87c60ce8d74d1345d3911e08980a605b327a61b4347df7eadd77f9b45a5804

memory/3656-1342-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b870195f82c0a569b799074e72c20e47
SHA1 0679c04059c505eb0dd747e69f574e38eaf51812
SHA256 3834f36583b47e5b6e7b9e6a2fed25fc41721ea3823ea2dc08ce8020c1d38e8a
SHA512 2f802858e139a71d8695d2d53e0d2c4a9ae1a88f157253f48608fa6d98f2d50393b0a420f2b9e53dd4e162eedecee2f2efd148abab86a8a4ba240ae0531b8770

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a6e863221669bdcc2fae398c92b305e
SHA1 741c9eae78fba683c03e9a9f577bef7ca479c822
SHA256 39e9a1a982716540799328b96f02f8e2bc86a943a03f7a8f90c612ca3b60a226
SHA512 310a55d598433edbf3a778a30011d4915383af086aeef2aa04c6d035363e5c01cda5e3d36eb168c139a0dad2e3008ccf2e4f9932e33d27ca7ad98317e187ef61

C:\Users\Admin\Downloads\Unconfirmed 311034.crdownload

MD5 36dfa8d34abb4ce7133815d614904dd7
SHA1 a426bd58851105fa23490533b20ac3b6956f6ff2
SHA256 2d484383408c76fdf0f7d95d85edefb3a62e383974525c3d3750d3dd68178a59
SHA512 888095557db0ab085239ef0c17e0922a4953ebffac72785a8bf12c735ae30b1ba93ea636e63cf06f3930f2580d21ea8d17136107e668a48d8093faa0ff108a53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\395c8f3b-57fb-48ce-91a7-37571589cc63.tmp

MD5 6388bc864fe4c15ae3d0f7aaeda9733e
SHA1 97ebd212d81378af82912c336457ae2cc4d374af
SHA256 1418b739db23cb0e2072849d89363d98f82776b80cc67f5ba7c3dc357fa1536a
SHA512 307645bafc623ecb7cf1a4dbcdb3027930677d768f0f0a27eae06585394331347cc057930ee4e8e2483d4f34bc973290572fc2c26fd5a6b040e6d815c6f5540e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46377618a8d57025c27312aeda30d608
SHA1 3e07147ba74768420d3fd1e017fb47f9bff37e8d
SHA256 0c5de25a6ffdba3a0bfcd4ad29dca6ee2be97daff16aecd644be972730fdfc3e
SHA512 c52363ad4d33bf2bd23e0c411d0ebb3348ebe9e59efdc1ed7c614c29f703a88f74503638071b27ddb3d8ec8da09698926356af96301ada685bce09a70358998b

C:\Users\Admin\AppData\Local\Temp\nsq284.tmp\nsExec.dll

MD5 675c4948e1efc929edcabfe67148eddd
SHA1 f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA256 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA512 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ebc2e4833663a69a1ea185acae53362b
SHA1 4eeda3b98ed5335deb4c11bc02e9a15521ae0d5f
SHA256 7f57bea79c8170b0c54fb51bdd2021c0931c6f23a27aacae47eca8ced2553eb3
SHA512 758f222b11fdd938e02dd9e44760cfc3295f1275c3d0013d4ee6aac01f7726ad32a190c0420695f24de3b267ace64b335914116f7179e3babe12fd529c89702f

C:\Games\Malinovka\malinovka.exe

MD5 b10f578d4db20f4cb9619bf97c5329be
SHA1 db40b753b0d33c0d7ca0023c6aec5c767ba1b398
SHA256 8567492722584f09f5ea58b22eb48f0f58ff74ca9231ba0e4fe3b723d5e70b45
SHA512 d924315744c544a8df6ff68923240625a466f0d845a057e0f3b7dfcfc8e5ea82014a7e59d5776e98fd1994caa7d6f56645fcfb40872e7ae5df303ac828a43fa2

C:\Users\Admin\AppData\Local\Temp\nsq284.tmp\modern-wizard.bmp

MD5 e2cb25339e83cab7ee233bb68763b990
SHA1 60ede449ba527b0d24059461b358f5fef8fc3901
SHA256 406e0f1086531dda8db5aae2abd4a72960bb2a98b0708f7d15f0f94f7109be55
SHA512 a7b42d6d8f3e22fd32ef7caaa347ba2a8712d1973466b95b68028151a907bfd231f6195d80a7a235226935daa3a4afeeec1ea93312d0c807db170bc01d5f53a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 ace3a3e211510eadf2026628fbd28ab9
SHA1 c9e7859d81ea113ba541ec20aeea92b1dde85e91
SHA256 ddb823b36d675a00f43560b062833d6e4077f13d36c5bbb2c716c1acdc7e2016
SHA512 b58a2ec8d3cd1c6477a572530c5a18dc86b2b180a161a1f49c0de8182ca8d95eed127e88f42a1d0812c032822f044394d7b958a543ed004a22e347a0c081eae2

memory/3656-1553-0x00000000004E0000-0x0000000001C17000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 35260014bc717612386f2e6b9372e2a0
SHA1 7fbcc09d507b5317c8a2939ca398febbdac669d9
SHA256 5863c0127e85ea9fd1e5766d5ab3bcad8e35f19c8557bc0f87c432eb2388621c
SHA512 5bb4e3e76e3006fa2d691d3714f222fc849b3b9e81f87b0b1b2ddf061848044a129f719b420b9ef6f5e507030b69996d46295d8dbdc9e9ec694beaec117b964c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f38c7d78494e68acede466b30538226f
SHA1 a21d95bfc4eaf416d74535f32636148803ab1a9e
SHA256 b04e863465630c8ffd38e8b97bc26ccc9a317096501077e32edf06b642bf387d
SHA512 9e32d656f79ceb36c2ebbd6c6e2355e04437fbb2408aa710f2d4524053bee3536d69c7ca510b20a28fe245e8f82fa4f354db24b9c16eeb2a46142138759fb3fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc34437ed909bd6c48b47f46089c7b24
SHA1 0b794e96262881b737515ac610d63f965de73f7c
SHA256 515afdc9679a89bd45a4924430a62675039da7d2e3b4fe240b9ddc8cb10e6800
SHA512 77b35ee2b4ab4c3c5c7a32525a6cb98e027687932df210675193ecaab7ac6ff6a4cf84b8dbde71b66d0812bf1966787a2131e81187affea48d4fb4ac3331874d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0aa358b9bb8a31493f79aef78c1576a2
SHA1 36b002265634c997e42fa8d5f3c35b7292de869a
SHA256 305f324a8fe0cc0be96b54905dc11cb72e96b717a067d31f01b649983854f456
SHA512 46162dde2598478cf137546ea2fb3cda88bf93f8dac9818344ecf69b1df1a804364e93b574334d018f608e281dfc5a9698ddbe1dd127e9d6d0f8b1edad803ca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 7fe2c36271aa8065b034ce9efdbd2a07
SHA1 e22ee654cb122d0d62393dd8d6753d2bcad148a3
SHA256 02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34
SHA512 45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 869270b0c65b975e79bd2f8208aedf9f
SHA1 e076c63ffb7bfee4cd091e318ae9727cf4483eb6
SHA256 5b0a844442d9f20b3f7402425694605ea43030bbd355b8557876dc0132839cb5
SHA512 bec77fdde974c708d4a478296c791794389f0253fe7316a1e29ac960b3b7134eabc39d5392e75efc9f1d91e84ee834f05b9f8fc1ad7d1b9aeffef7eced5c0338

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bac83ffe1522956836ab1ccffa99d888
SHA1 5ee5e4368b9e94066d8152093cd1551100428893
SHA256 b405337409ecbf860a6294694d9620ae34b680b3f001d1a15682493917e71980
SHA512 f3d6c70e43ed66ba8454fdec3f496cddb61d8591c8261539688c3f5766c7c7e8506b72ac8c1b2145a4f6506f92aa599e181ff4bc1b4dac2eeb0410199c89e9ac

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 acfaa70824f0ab6321b0819eeccb45cf
SHA1 0517b98736be965de66d78a4bb1386cc12ea3b5b
SHA256 d89156f32068126a16a0613a8a232513f8864070e11dd589dbabccc442a691f8
SHA512 5016b9d8e5d212ba3947d4a08321df0b7222c03cf13cdf7f91e53f9fb0f8b9b12e803bd1d25208a6349e880598777e3284fae6f2ef7a83711be434d83a56cc9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ad013.TMP

MD5 b63d14f42264bb1e32c1996fe9221a5f
SHA1 ed6f5e212cc1fec22c145974bca443ffd7101727
SHA256 c31ecb90cdb854052156b4b99e2d4b645aa26c39aac9d6fa6b003eac62fc4ef5
SHA512 99ae425d2277160ce34f320b034e4912a259c1f5fe1198b4ab93c9f7d79577497cf3870b2028437da198d4e70c8e03c55c5a909f2da466059892967b7c8ffa4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6ba3712973a69b8fff126259240e9f9
SHA1 d1040c32aa1b07e0f75f6f45f72711b9f46458e8
SHA256 4bcdfe0cc52f934dc082ee9ff3431a585a15fed033dd97c40d250abc583f4b1e
SHA512 c5f5c36ba677f7447c2abd11dc55f3a0307e3d0d8953f77c17ed529fcd598d8063ef947bf8d9c6835190498fe97bb10776449a6c93207f07193c9bd2e71ca2a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 384d1b048af081214abcb487cbe5820d
SHA1 412fca7503e54867cf905e5b811e198097ca2947
SHA256 99f04ee2113ffb35990c67ea89beb2bad1d5757dfc0604a2c18fa726f7622ab4
SHA512 8d0819580cd3d5d5a2e70c44508464a4d0dfee9a43e9bf24cd9abc935504af4dc89c864aae7722a92607a8709c4c9d0736873758ba793583b4e84fd7d47f488f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 17e3deb0b35fbd8d0a05456ec48afc45
SHA1 c6caaccfb18804fef58369902a28ad7fff847b5a
SHA256 8c0003ec7ee2a04e128e51abefd5de1b4ab548247755ec9e2d706d52123d08b0
SHA512 66c84a7f512254f27fffbda7e11c36c996368d13169bba66b762f7151b6167f97c05ce4c0da4198d970c7a440edbab18885b9841e0fc34a3c923d8c44019a59e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3084f93d34433af8046bc7fa13c627a7
SHA1 d636860295aa5b05dea1edb32a2f7879278da736
SHA256 761b68c715c3f3cb15b7a94c8a55eee1a1d02cbb3056efc5c9063c721d2fd0b3
SHA512 4942436e01b5ec88897cb64d3d7336e59d16342df310eb62de7907bbce9a0c6e292591558265bf5301b5edd373e4a6ddb9fce87cd47a9d15dbc334d6f14c5303

memory/3656-1970-0x0000000002000000-0x0000000002001000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 039bc29d48fa8aeb3d8d7be52777c70c
SHA1 4a15fa466fae1bd0b47946d81281c06c7ce83da6
SHA256 0b478a0fdc26bca49ec4405664b94cef814197083c10f286b674638a3d72e768
SHA512 f43f5e947a89a98b1784d2c00e6b64415822460e8dc9d6a2964dc2d1daeb75c3f0e17de0aa7758d34a6ea4e31f1705fa034dc98c4a7530590b63e1af8c3e4b9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 828d02519c8c38a8004f945012b83441
SHA1 08b617d943225cbe212f1e69979fcb5cdb96083e
SHA256 87b6d2636dd1f5ff004e140bbfbe5df05a81676d3604098b2b01da093b0fc6bf
SHA512 b060f0b1f969a1ef975c2f483a01e611631c7edb3835a73ec9972389e179282593a98bdde3be5bcaf8856f1c792f250cd315bb5f99c6a870790804ee368f6b05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c56c875ca3fc335c046705cf84b58e36
SHA1 8a1dc080674eed1d4b0fa2258482577d6c37f55d
SHA256 da55f9c051095da5a9cdd18e77c80d0a5813a069828affd6eaa1638145ebfa60
SHA512 eb963268094a3edbd95ce837b6d8f3a7fe07d553be2b7cbed7706587715625ad390234519a2c752aac115f457a1717c14b50b62eaa640fadd3a2d1201ae2f7cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9845127b718abb8eaa44e24248ee7d36
SHA1 3dec3119f3ae890c9c5c1617b69cf4240ff03cf3
SHA256 ec7cb30a8a1e6608ca34c2e4faf1f83d3d406ad7bc384e3a69e40f5780b5cdbe
SHA512 70d0b757da0a198d577927ac77a9cf9da108f9fc5828f61faa6725d77f793d62d1883da653ef77570a6c97667802d867b17fa4ed9832097e556ab5f3b8eba8a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 0fc626bf4c0f6d77d7a7359e97f5a28f
SHA1 a6152ce394e8d0cd608619e88ed40dff0fc72fc4
SHA256 b79389b55b9b31c618d70ba7b6020b8f1957414c5ca033a9dc7a4d7d710a1ea2
SHA512 ac56e977b9758fbfc447c96586b1bc1102f782c8645626faa690d6d7de0108827c8a45db90a1d423c54e6f43fa198354229f406cc6c4f660fe47f9447b27c387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 947cddb2a3002f3a61b444e4e650b4de
SHA1 c4a8b2fd01e42ca025f1f0699ba24ebff82d6c4c
SHA256 9f0cd106554c6f313c5bbd3f15d8db6029cf18d31cfe37ff93f475ef18f891b6
SHA512 0e07182fc2d84efbd793d34387a9f362ac5c4bb5b0322d78a9e567b35effb3b0f214b34327ad3fd494c5f5dc42c09696e38c6dcdbef8148557c163b018f45371

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 841bcf5ea7ba817f6b16912724185ee1
SHA1 ee3654ae2146681a99be044b99744babf689e833
SHA256 56fb63b9c1954f0abbd3115d733a9899794c8d9b613d42b8397901166e415c0c
SHA512 ec32ef67d9c24d0fe46e4e11900e1eaf11850a0a3b44ebc768f96e4313ca1118571ab60049f624cc5adfde1dee68f7b2aca04018fc2de941f379cb6fbb7b842f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 818afe66a248caed31a6bebe0610e8a1
SHA1 f4c747d529a667c0fc4bb3b7dbd8203f4435f28d
SHA256 ae943319a469e6da139f1f6f8b89612df51cff1adc915c18b2f029e02d10cdcb
SHA512 7f0223077872ea842ff3116bb2e4db6940c54067ede8f0271f9937f7edbb8fd4454dc423fbd174196e22cb37e6f9351aab7b1dc7cdbe11c4496c3d4bc34a853b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 7da50b725680b935327faad7a511113c
SHA1 73117ba58c109a76ba46ff44cd58f4dd46ac9135
SHA256 26d7072221c3d19a0dc6da3434c88c3c653166b5d01e599dcadcf46a3b5e9ca5
SHA512 8681660adf94090942968da58717736ec1ef32be7b628fb618d0fe00454a7462f800704be34a33a9d951aea815f6ba2c03ba858b34afa54cf2dfd17d5884ca45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 683dc8ef7ae3ff8e4b6454035148bb88
SHA1 3ae59ca2a7481104b784c6c4f7ed3c522dacd9c4
SHA256 b90f6a1cd7a90747774aa12d43c89b949b8dff4a89ae77700668be989107c810
SHA512 5bc6012fc68e423e40f9676cb644f31574c8e2e6b4c58b524845595e15a3c9d8d6e7d7232a822075fab12f326ed648e522cecb597ad33e6255376a3439236a68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 32da7c873bfba98cc14555de3f0f9bf6
SHA1 8a48d70e4bc2995e0982a9635b06b76bf19b428d
SHA256 1079355d83f73a18f0ac4d1a6bf66800ca28ff23a59ba08344fc065ac82050f0
SHA512 0be84a03ce754dbeeb1698f654642651e4f5a9e9426fbc1162ff062393b9e0f6999a2d7aee63f996b4ff815fa99edee5914d489c9008e3c4c973026707c1e048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c80a9caa91ba2de81c76b20f86a3718e
SHA1 e4e858a2cdf2b6105f2a7b99962634649ed0451e
SHA256 b5a9654e8d1865d66e6f36447978ce2add73178b5880d5783fbc43acc2e08edc
SHA512 bd90e86883e65adb942a58776ecbdfc135c03b20ca8915c43506e7ab59bf4d1aaae82776054fe31faf644baf51a06704d66c46bea5f3e0d7d5a2a2d5879e3d65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d0780b0142589bb396c5b8838add8091
SHA1 cbfe5763424b5676e881cafd0509b4a751ad714d
SHA256 30d110e20565ea7a9a90a97a79bfe8f8b91a357c6723eb45871a264ce90f4e88
SHA512 c728d2de0a2f21d7ae9b2b6d0b896ed2fa2516831bd89598c476507695baea9e3b965027c49ea12817da8a3ad27034f3e47f5ef4a33138447aa9199c16a5d671

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8903d94e0032032139731046c2f94101
SHA1 22c678ae4d68e1c2d4c23b2f7d3d7bcb0708f61d
SHA256 7e38e2ad4ef8f1f423d42402ce32708220409d7b282cd85e7df51c88a9550753
SHA512 bf24ea78508ea44595644e6aa2b760da718452af561b09c208fa88fdf72052269e1b0b0122acbfbc6c4bddefaf9d3217ccd8c1ac45bddf8dcbcc8d87cc9d018c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6044d00ffabf86dc5aec5ceab05c22dc
SHA1 a32e4cc4ce3611bb0f58b9b5d2ecdae0bdb15440
SHA256 651f4602b401eadba1f3591f49afdea2fd622226ca411cd383e27fcd3f8f6feb
SHA512 c813ad543d07df5a396e48934dce00255cf71fd3fe22a107eca90db00561563819c87cda0471ca56e2bfc90cd2d51c097ef1dd55641fb2107fd9c54cef3c46ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 87d1eb9f60992a420bc8809a71a40cb4
SHA1 9317812abe2156940f6354bf4fae96d16ff7b65e
SHA256 30369483bc588caa57b876e6d49baed6afae23374b93fa32c2b2832c7bcae30e
SHA512 794c0b69e82402a1031a5e9516156f0be040ed4ff93bc47831923c14bd5b0408f5ab7da3871b5b4f04d62ff43aca1dfafd0bc75a5289965e0e2f577c316c7b0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 218c2abfad0e73aabaf41773bdc6bf6d
SHA1 9b3191ec839f695b41186e32cae41c50224baa46
SHA256 1323def4ac8d7319daaf0d3d9af707f55b0b632afe5989eeca79bcf2eff1e858
SHA512 90edcedf06befb73d20e13379b502fa8dde0a7bb9a991037333b9c97ca0d4ec76eacb64d6d41ea989c32bc28d61699248ceb34653ef963525a6879d49cfc511e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 32745bd277a88044699901dd15db7cd4
SHA1 eeaadaef1d6f0e7ae851ca5ca1be5b7bd2a6c51f
SHA256 2015138e9fad09a6cc1a6c80d51b5d04c948b1aee8e56b690152074f59a6ba6f
SHA512 747f288faf3fc1ad84253f8891a159b6aafaefd30662d960ef77a16196e0e1b7579019156326ecd1acd76bba686668587025e8fb977cd4e06a9b4d9da84d9676

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 581af5e07c53115a9ece65754cf71f63
SHA1 8be7e1dc28a574c1221de985ec63eb0e7b736681
SHA256 d7c11a48eed6923ba979b733cb6174d1b8b92dd85b2dbfc890e03bc7ff0015eb
SHA512 6e38198738863d9fd22e81982232d9105cef546c2f0883533b11f7744328a067068edebeda662e9ca0ef444d2adf323394e16b30fd0240022482c643447e3c1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f8e74505995e5a366293dc557c383670
SHA1 69b79851b5510781d3801e10084aa5f1cf82e945
SHA256 46c49984c5688083c874d28d703f6306a947cef7ae081ec00c33a1315869968c
SHA512 39c065717d75d913ebb42147c66adc22640cefa69884a694df7a47ddce23144f79bbf7eed2e3b2504d63d578f193e887391618566755240d73d101bc9b33cc62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 91b39cccc1be582a0e0cf6eeb44da8cc
SHA1 e36e398b5965388b7ac1fcb49036097fc8f1dd63
SHA256 46db45496a5790ee299b391a530d3b1b5c07c4d6660f6df86bb02299c87c75c5
SHA512 b54c98145d42394061eb8e0f8d3f02a8321ca58dbb852ef0f33bc7d0af42cfc132b09706bdfdfcaa74dd9745e91c5f200f0500a7259e4f7ea68bacab98161dc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_vk.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b49f4cd35ecc2064fc5ad74c25f50a6
SHA1 cf637dbfe8b1ce7c617a5514d77c5a1ffd19535f
SHA256 2ecf1c898f9da61968f138435dd20bc7fe6f3205cabd2e064b6ef5566db498e3
SHA512 8c601eaac5268fbf3f332148ef3c2ecf4301a714bb5608b31e3cac1fdfafa202edc827c68001bb3829f3af2d6f397b15bb86e3ac1988623b71372a7e4edd2c3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 021e25695a393af0d6350d7b83ea96bf
SHA1 4357de91b7e58e846962fe50697c975bf5ba7614
SHA256 bb6d45a2aad01931da17c23a8e521ea00ecadf3e81648f0338981720b5a34516
SHA512 c73766c52439b4125496b430cd4539d66a3965fb37ee87436dd6f1b1c683ce5760881e3e101072c34c9fe0979899b625ce5cb8aba30d0f7121df83c05dd4bb19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 38f52eaa8b5ebe6f0fde35a2da84cf57
SHA1 053b9b00f2647e153bcc4c1713442de095e6abc1
SHA256 13a0dfdf73b9abc6b6ab7915d743896a1e0bd12fa01f4728ff7133607ca6806a
SHA512 e9909bef146b5580643e52d8eb334aa82f07433aa4c8620eba53e85df2f929d37ffbfdac7a0b500d3c53ad2cf140a936c0f78d3a84dfccb083c88edfd477e39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5daad9.TMP

MD5 7a500e4d8f2c9e161e0855fe6ba5b623
SHA1 d4128608449ae95f8a558e18c04686a837e1c5dd
SHA256 a72291a9a6bd9b0b689d5469722dc4644e407eb88606a7c3f4d3a85eac95a718
SHA512 10eb659cff32fe056299da3d7abb82f436a3fa713fd9c82dbc4c5d2d2bb12d6efc1d7a44a383b9afe9a662efb569bbb2522a16501875155e54405d9eed502cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 8785f68de4e3f2c294b45702457e879c
SHA1 568eab9084e650e5a8c347a7a78b8b182e761134
SHA256 bb938b5ff834c740ad35f72a653a9f954f07254216b9ec17d127565c97617a50
SHA512 3ab6ccd873c1701d857d0e6bbdba5f2e445d75cf07f735dcc713b0bccf128f3cfb619037fccef2cd38362f24874fdc7ffc74bdfbec1b92ad881fdaa0fe4198aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4b3527663e340da1476198f41a68f8ae
SHA1 77d62cb1a8997b257cb83b7aec27c419666d81ce
SHA256 b0b441c91ac56d18c1313f4472e4ff19f84660e99137729e7eca0f75abdabace
SHA512 cb15f70791e9cd12d5f6504df34481f500187dd92df1c32706662a94c8c597cc32e1f0c1e100e0081385ea0f18a3393ee20ea994e6ec45166e791977f19ebb7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70b2337db721d66d6fedfa7dd265c425
SHA1 2ee8d5f8d54f4cf9e4b2cce873175e42814f7b23
SHA256 e25d55f8ec0a768240331bc5a3c5c54f3d6d542876856285e125cc8ded3f5df5
SHA512 5d69363588f3586216de898eeeb7627b928ee7bf96b17c3d00899ddc95acb49fd324c9e23f2a769e6a0a4b392115c96d26794d01a33a8cf88025e080a2712a49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 45f9375c6324970ef501a36f04685c26
SHA1 a415a42e0a352f36eaeeaeae8cb597b134c4eacb
SHA256 5e6c4f7dcf81f52a2ca7acfdb29ee4ad3dbe2f06e5988e25b08f34432713433d
SHA512 122e9d550d6ba2478680fd740de7f4f5e6404b31f6dbfa4f67160a8ed6f4d576f91299ebb3b279a3f2bfe5eb4533c33f90e6c59b2098d290de56b96c373954a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ccb2bf1b93255e4245b61738b894766
SHA1 6f73f25145b47a0fdfb6deb8b3d678011ebf8204
SHA256 1e987e2d462f7e73404c357a83fc39270dd2d0844432df6cb27ef288c055eb4e
SHA512 a297c79fba5ec385686006b46fb1dd3bbf6d23bff0951aa42f08bdacfc710451ede0e6143be36e925f5c1d65956ab0b9b3f27e7c06f9e69167b0f9ec7e85fd49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 077422dcc5f40ca323667e9a4e76b4e2
SHA1 beabac2f31f04a7aa45b0a53fef990c3774d113a
SHA256 4fd9d864bb66de7a269aa673b87b2413955e4332ad5bd6fe30abf73a4eaf7f0a
SHA512 ef51683b508eca8cd778e2e6c0b24258325189ad223a9f66154f4a89ebd290a12d6e1b3a89f6ec8dd8b4655c5aa0e972b917a6815ebad4c87198f8862918cb35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf16371397ac12680d0153e45fee4a39
SHA1 360f6d130c5eb55062a268266e239891be368a4c
SHA256 adac78e29c21f9217da892904515ec606a4f806aa5b835438078e29b2eb11215
SHA512 d424f934bd50f63963fb7936b3fb01a488ff8c0e1706996684d3bd47198e760d84ac5b3d2ef79ba1f04f8362e97cd89a8ea8ea699be989c4340d4bd65dd479d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_zoom.us_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\368a1d7e80886d4abf7545048feef103412df065\7e085300-5b31-4ff6-af8f-9aa4744602ea\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\368a1d7e80886d4abf7545048feef103412df065\index.txt~RFe5dffa0.TMP

MD5 ce11643b8d9c3e4f06501c1e7949e9ed
SHA1 c6a6658701ab6eb7e17fef2aaf0f99daf1401a0c
SHA256 fafec39df34051c10e1ae5906e36de403c236614c86424f3fb3bec427c53a950
SHA512 5d923282796fd0ad3a565fcdf60fbc435e6c4674a6d3422392b8bcc1fd816ae10dcd206908ffa49bb6f880596d8a798cd3a86a88135763032a3da958cda40a6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\368a1d7e80886d4abf7545048feef103412df065\index.txt

MD5 e8dfd86fa69af9193ef3a745a0c7aabc
SHA1 0a3877c33038e27c467be969f3e2826ca5da8755
SHA256 7fbd27ac007387baae63e4279cd20d38d4b455bf1879b4611f741368133967d1
SHA512 7f9b86e12759d8e26e08461fa180d401cfc504909685f84b864635fa47d553fa49f4ed3c96bec5ca6c08eedde7409ef4fd7af38735c555cba5b5165b745141a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81cd80737709a2eb067f0ac331ef2c83
SHA1 635f4a8bcef8c6447e7793667ba909ac625d7e9d
SHA256 aae35621348a9f8f17ab2f98e88fb338596c0dc838126550f97d192a71111f9f
SHA512 06ae67b2635644313df17f7f6343bac7575bfabf0b4570f834702d42ba701379892540e08c75c54ad15f0b3329e7cc6c522e99607298812af33bafe5773056be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c993876c1548d74622f5e4177b078f15
SHA1 3b3d6a86c821aedc40d8ffe9355d40bb50600f94
SHA256 eba975aedb1efb7ea4b4eb83214435aac8fd78bf9382aa6b34da20c62294d775
SHA512 a20b746ae605fea512d41a9d6d11ccf3c9123a28c4faf4863c8681f025b26ea150de033f2f164fcb257094b33960dff597e16c554672d21b7caf91107722905f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\368a1d7e80886d4abf7545048feef103412df065\7e085300-5b31-4ff6-af8f-9aa4744602ea\6a549912c52a7698_0

MD5 fafd9910eb228da362b9577fe8123976
SHA1 acd2571eab8c61f3dfd5c6a5fbc94e84d0769673
SHA256 5a72e0485f07fe80888d4e7b1f205b94c8485dd129fc7294e0c9fa29127edb2f
SHA512 04f2e4f823e97927087f83c4cfdd6c71b8d8c07b6e09ac17f6225c8d6fe6e9827e4a3632b9d29ade6e2a56a0cf0cf81ba4ba0d1882dfabd7b9b5b83f9ef63faf

C:\Users\Admin\Downloads\ZoomInstallerFull.exe

MD5 9a63a9d230dbfefcd80f6bc747fdda7a
SHA1 6724095a3b26e33e184e727870ffa5fe3943866c
SHA256 241ca21a38019beb76c584c33a3082d7cd85ad7b868ba04859b6ab117b7fc5ab
SHA512 2095690ba36def8583eb7a59090115798a77ef4a0b3b99522a26015bffd6854a23140318ea0583956b1556fce897d6cae5523440e83a0159eaafa12f7a0fcd8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 279d91e3e6b630322e6a68ec77c9e985
SHA1 9eeeee39fa7150ecd189e0508042e5d28c0fcbaf
SHA256 cb275909b2eb393bce0213a7487a019d0c09913ddfdf8321aafe5f11692e302a
SHA512 03e2e681bed678b145ed33b968a97d8fb8b3df7ed822ce3c03e2056b089c143b32bec70ed6c21a1031c82c5caead70e9977754d0daeef5cb7f97683352fadf7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47d788843e335651eb551d850c467c64
SHA1 8f3d01097eae614f37a61b88e3f7750c358384f4
SHA256 a1b7abe2a38fd682bd56571415ccb0534ba38502488a865a2f266189a1844971
SHA512 d8f19c7520587241e3a272a85ef7e1c975dcefd8a9ad09685e81f936467e98071ca7d01ad5f2784ab621fc554db2bf0125afc1fc448e8c1fb59efa5b84441256

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3afe33fa22e958ed979d1bfc9fafda0f
SHA1 4448c26abe1fd7955b451dbe0c4108435bcbbbc9
SHA256 3ed59ce6b894720e6ddf62343e1aadcdfcbc5d79bf27605443a10e3b370a76dd
SHA512 05f083284af5f5bce644f3d216cb33592e86093632877698e6db72bca1c6cf539cfd81ea3b925821b02d68c4782260205ba53783dfe645e8e0ee44b12ddf1090

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5e9c44e57a89d21f37a5842c47a07dde
SHA1 a83a135eb73c64679e976049ca7e7821474d5a5f
SHA256 8332621a1ac2ed3b35db67de19fcfbf5e18d837999a9c3ccea6488bf92cff9c7
SHA512 1414afcd5969b071f6d2a5c0f0c5d4078f51e026966228b89e13b73e0287c60a11d19ea16d3b2d37d3f95845368fcce879b5dfed60dd392bef63c088fe99f732

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll

MD5 f8609d02f7fd137360cb4d70a0cb6985
SHA1 f5a874ac79b07de0e87e7f30ef9227c2f87c9358
SHA256 52c2b29ba89c90e71da740ba7a54d3c3be1c060288a09b4d599fe79b5da487a1
SHA512 8afab0093fe54d2b1402203c767ac9464f7834438eec9fb93a91d8632abcc3af8275377e8f690b209db9359ad31d6bc3778ca70d99bde750f2e09a0942639789

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll

MD5 d749edc6e3c387982bf505ecf5387fe0
SHA1 daa8cbe975c8548fc53d5168bea5d034d31e8649
SHA256 44052d308182b31e5f3b59d2f8052ad25c07746be2ca02e9b83c062f5046446c
SHA512 16fe6267824fdb29226f2b44a8508808d8a059a855b094498545f9fe4c7cc15ba4db6701d4a27620c8d14f174a74309bffa593f522fed75957d81e57198d3370

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

MD5 79704ced311278f83c69991e97e45b51
SHA1 04e4601621c0d45e7634d7de2d0f903a124bff2d
SHA256 229afc3531de9697f6256264512d2f58c492a3dc4b96ad0e159ea5d71fa3feec
SHA512 b61f1a533ba265f349d1e057bb1fbbc3c72426fe878c9310ef48680f772dffa479fce3c8da38035fb74d4b0e5d4aa427e6fe6bc442bedd1ba1e278647ed94f32

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

MD5 c05098a26b4f7c803c1bcea451b30454
SHA1 de71f387b0cd3101b99ddb1a27d637b46ff8dc8d
SHA256 7cc5c9f856ed50d7181b5a5e3d73386492a44cd14f7353f82deb57c988abf7a9
SHA512 ca29e6d49c0ae6a310c1b8b00e2e2c71fa25ec84f8ea940fa691b6cc91e93cf28b591cf861b01b30107fa7901c8faaca0d2a6f41d492cb6d790a6e20a74b8024

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm

MD5 c9318cc2306bf6b1ee74a5987a8d371a
SHA1 f482d3de9e8dd7c04344fab37d067a08233b64dd
SHA256 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c
SHA512 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

MD5 00b85266b2c6a789d95e92db78ae9ce4
SHA1 c93ccd14b15d6920350ab6104e2076659169837b
SHA256 f9800779f4cbe2d227b525a6a954b50857db0173309a6a7bf8c68348a3584fb4
SHA512 6e82b100df558c42b96a6f3413f65249a9542082e9dc3b798fa7451e50ab3a0297901a2fc1738333f3ce7d7afbd67386c4a08389fefa7a55f4ea077ed9e095ed

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll

MD5 6b67b159abd503a39455b83585310328
SHA1 1e795b80a34b7fd2ecd00bd91dd293bb9360a5d9
SHA256 f6ec987914afde9e4d20769edb95487d4e6279fd8654fdaa85bce27c9ccd7ae9
SHA512 eabb9b3dfe7eab03db5045452317fd60706d86a0ebd6725d928a6eae53ae34ed47a3acd6082b69e901cc23a00cfeeb7a53a882c0691af8ab4e108896b17c9a4f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

MD5 d0c63102d9dff7835cb58ffee66177ca
SHA1 5ee13fee484744b45b527297d6bbf270dfab598b
SHA256 0904f03f99c7ad20288d7fe5016c33019f0edee403cbcf75a53faed70e344f77
SHA512 04aa99a2c529f39bb3804319a964d71daa5cab67fdfd17ed4bffd8f4809ab68c8d8cf6c98ed6f775c9b94d2fce670d3a4d3c0b9c524c166cb89d44d21b8e4bc9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

MD5 c8b3ce9afc3aa967ad5367aa9a532d62
SHA1 e122cb2373c965ed637f5e6dc4b5a4ef8baeec49
SHA256 d5aabfcec640646f60f004a340ad77b90ffc21da2168d082690fd2d3195589cc
SHA512 95b9722afc1ee7b802b4494bc1ead86a6fb0f0812e2788943697de87c67f62deb01766102575208fb7791390053d4203a0a9d35e5c5652c55de590bbfd35be27

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

MD5 9ecde7612ddc476502bffb07bbcc8813
SHA1 5d0bf665f4b6365bcca88fd69bc30688b3957a34
SHA256 e10ca0fd043febd73b56b7092ff0d44c5f18547adc31bbba88d2406bfae81613
SHA512 39d557d6f9c8e332a00188f748fe8903cc8daa74f24f7f5b38ead963a2581107f17976ab164ca7e0438352f83de7eae01b01e548380228b7002b5ca4322bf4ba

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

MD5 db8c892cc62d3d07cc238eb623cea2a3
SHA1 65381c62552a9d0819414de93a35711418bf49e5
SHA256 beb8b3958a7c83c5122c3589c62984b0bc0dd7b464722e7d48b5c2d9abafd2da
SHA512 b45e35fe97c4cd4e88241f4961d12905abf29e092cbe1c130955a7f89f33f0ce50949c7b576bc060864c9adf20ab9aabab30ecc40ace3338ba8db60819d31a33

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll

MD5 a41da236d648c22b9017a82474b762ce
SHA1 fd3025688f7be0d5d71383c96534d3e56342f5bb
SHA256 04eb1c72b50156e29b53e35b5ea5a6cb8ad51095ea83d545f66014dde2eb2939
SHA512 33905f15c4d6e0c10b74463a62ead39e3fa377a3010a476d83ba6bc97be0a9d593abe8e1a9f53fa34d34ae814417109569e32c70f23d4d0e904babf8471dd904

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll

MD5 c58deeaf63f5f6fb8c0841e7f12626a8
SHA1 9b5c40fb7a7e8221aaae9a4a95d47242c4a77374
SHA256 bd261ef6010dd6ef733beb244bb266963d747dba2344c9dbdcddbd0789654591
SHA512 b7227c7dbeb515f8334e6cbe30223aa5df074b0e778ecf3358c33baf905f13f904e4696c13ee1588e0028a6ac810d0e905b4e1efb058639bc375b741d578e418

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

MD5 79bf8c55064e04f9542d1d76a7114d62
SHA1 c04305a8b30b65a20216a249a2c0607d2d5fd7b8
SHA256 0b239ee3e2323aa60b4aac974610e19552f9671f35052d93987345d54e0b164a
SHA512 3f2cc32336452befe8b55de5454295afa05342e048be6fa80a3a934b37f4f919a696ac370ecb0fcb98a00eecaf95096126d0f6de1583f3083a2a8fb91b5f7e46

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

MD5 ef5bcfff9e7aa138f70d74a57769d6d2
SHA1 4a5bc2cc24193af8ad2ee55f1c85780a99ea1015
SHA256 c88a12742f1ae904fdda400b84c2156e82cd43ceb0f5145c59f065d11e5d3bf6
SHA512 18985dabe6bf83f1f01c80ebc8f82fb4b857b59d6c6362fb5c1f5713011aac04503883a17059a7d49dfb3f442b878733c9b4a752c4632d30e7464277d7b2e74f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

MD5 dbc27f77c7438cc75350497623ff40e3
SHA1 9ec878a83881d2a6488ba05411fcbd60222f8bd1
SHA256 18665a8f656739a98cdc9d0119a9ba7383a6f69ec58e5af69679c172da6ffea6
SHA512 cfc13a169b2477749ed826cc2cb85c867d27bcb82bf476ee0aa7d08134bfb7ccf7c904582da688afe489b2c610ed1a097608dacb86263ab8fc6802835d049316

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

MD5 656051d29b9be7faf47b44bbbc5e6b14
SHA1 682ca2484a8f873c7cf65c7810d094bf74a042ff
SHA256 51eaa3febff9584e42f91c23f6a37d24d0819eaae58c8dda35d1e2f392a5dcc7
SHA512 20a0cb55a7cfda7e73482b16a9da946e3974de914339b755298600b939cc5fb090f1b6765d2f1a850b0235dc4b3f3ac9e451d6579c1bd4140da3f5df13cc9b88

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Embedded.properties

MD5 8eb4d755087278aabdc144f024108721
SHA1 05b447c4c1f84fc72598c3abecef94d8422672ab
SHA256 b10197059dee2391a3f1b49d8ddc12837056ecd22cfdd09a412869d29cbd0926
SHA512 b1e9d2a8e01cdd69a9b44cbb4354c3baeabc371b224f77ab6ac2c26234367bb3537e6b6a3dc87d24eefb99e4a68d4ac2692d4cf2a0dd305ddf48663c42f109e2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe

MD5 d551d9535bd224d6d04de15e9c5ca467
SHA1 23730d3242b69a698d5074afe4e5fce9c8fbd605
SHA256 c1fe4e04349fa597d74e02d290f354230cbf3b94b77782b3c905ff0c0b79b0ae
SHA512 aa425adeb71ae90371908453524369a4d419c6ad6ca1a3cbd6727a41222cdd91629a69a044552a1abcd94cf52f3d79afae7870e9d20923407ef3e791bf02e86f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe

MD5 4dda5281b8d3098a62e43139cc025625
SHA1 b7d575adb32befaa899226916af3d59b5157558d
SHA256 25b31e983f0360581d494cd4e5355aa94ba9dd79fd32f8546844d2105018402d
SHA512 a024bed792e6c625a023a9309bb8774df93ce7db1860ea2382244ca528b7dfd56d41b511f33673ee4187ddd60f195dd62fb9976e3bc2c61572297c63ac0ffd5a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll

MD5 f4882ae77dcccd7fc6c73bf4e5f23dbe
SHA1 cd292bbd2bcdfc983b3f365364d9ed87d319029f
SHA256 b5ccffcac6596e1337c5b7ac9a256e6ef658e103a833dfe1c2dce076d3784943
SHA512 3c00c76de72e34f1b2b2b305c9cd3cb73ada2d3ecb7ffa1c5878b0ec244b729870a89f3be492126cc15ce06880c4c35cb2e4f40de3dd02fee5ed450365670e8f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll

MD5 8108eeb0031be5f023b7ced7ca8641b8
SHA1 f6584d49728148e50c848a375753c39abfd1b460
SHA256 7eae937d07baef407bf48b4b7ea81e11b54321f0719952d6b3b85f5a08909c74
SHA512 7a23cd30596e255b19c8a4523013a240cf6ab2e89b4260d5ce16917bfdf33ffe3000f1cc02dc653b895858e1f26b6e8a7a9cf1d5b41aea363d8106e6a2742b16

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\scintilla.dll

MD5 5522f64fbf9be7657e54fbdb0f8fd408
SHA1 138f7514e389bbbaeab6fd15dae8f6d5684646e9
SHA256 e5674c5f0dc3f13e89b7eab8c2848b5d6e6cd86681121227b850f4735023fbc3
SHA512 1ba098e675bdb700f83296a45c341a8c3cd824f88182ece9d13156aa83dd502e025c1807bcf342a80985d8a31178d73b78901b49f51dc7485e1fe99107cb9297

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

MD5 2d0c61b8887a28812e3e3f9827bd3c7f
SHA1 fb8ab503df53dbfe8289bf2d3612966a2b34ed49
SHA256 fd3da1e912f1b9b4c88f47f86bcee7bc65e64e9c76cfc264ee8837115daf2e63
SHA512 49bc9ab79fc59a4979d0ec55c2b31bd5381e2886c69fc6ece5b71bfe15df35038b560ad7964d31109fb9d6aba22603d85a7fab5bf18f6104a56c92ca55297d30

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Lexilla.dll

MD5 30f3a3f68cdd80904f9b37cb68eac388
SHA1 8b95407e7250bb353fce49f994ff5ea57287c809
SHA256 87ba41939d1b7486bc9b4e874119faef95326063bfbe9700600f34ccc4f1cc51
SHA512 070621b60e4cbfe8535466573dcfdb8d69cb071ead5b8f57303139a920bfc685f6641f91c2d75b17712cf8749241c5c0b951534879382bc0f5f9ae0a0531a390

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

MD5 49b135dd1d182c8714577aed4c659877
SHA1 1c157de06db73f8404c325380e9e50002a180201
SHA256 b3f48eb6c3dd8eccfd43219ff0e28957db1e7fcff0bf9aa935b43ab2cd38b931
SHA512 7f142a611ef224d535b948fc98ec76ca11b8cfca18d82d31bd597aac185c3adfe5eddbc01b4efc8e87b4f715e6d056cb2e0eead53d577c5e8cf131522e2e3ae1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

MD5 c2441be6cb80024554d38fafe85e2c6f
SHA1 b0cb726375286fb2a2350b6ce8f375aed871c9fb
SHA256 433f642079fc949151b258672b3bbf3851d158639a996629b4e21cf367007570
SHA512 5728cb00d02634b6577100c4f8b2bdf7b5fb0e88ee2c338489f0ce1776bd745e883f7eea05c34c496eb4ef7d1ced023b93e52551e3d1492329e6dcd200ffdccf

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

MD5 3dacdec1c7e27c820fbf48764ef26721
SHA1 597162bbe11b2f87a368e549f52f757bc33279d6
SHA256 39e4f12c6e1b9c3710937b27c05df94db1c4335f81ce72c3f0925cc652ee5e26
SHA512 23854ed85c2afa32f60aeb38871963db30591ee3e5ac62a0db4ec37389200b2db84b1ae8698e3ff86dcfc004883455b988cc0b2464d8bf83349ac8c93b802ce3

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

MD5 8be43c1894c5540a342e9e072d44da5d
SHA1 8596c2ffb66c96b09f21b8809af2d9a33f329fac
SHA256 e8cb1ff20d2ed0f80805c94eb930e2a343b6a7bbf56d72c3d4a3433dcc9d29e7
SHA512 8abf0db8eb48f525590d52e67d0bbd3f9d4f567c914ddca3338a6ce7f75988d096c09e211719846455079b43ae30147c5f4f1e60355e050a7002fe107de50c31

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

MD5 a23d22380839622c42cc6b4599b6470b
SHA1 f135bb6042b495af179cb895b694c727669f9883
SHA256 727140a842ac2f8c2deae067c615c51555023f80af33ba85af6320927b7ebb8b
SHA512 c263ce64cb21f922ac08fb52c293150181abead8ecb1677fff7492623dd9875f73c2dd3825b4133aee9872566f08b67d925a942c92acb940f62274959bec1ff3

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

MD5 5e786fb6aed92603cbaac8e0f42d7f6d
SHA1 eee4aa62b9836e39b6e9dbe4a6614866dc2fba72
SHA256 a1cbed6c0bcb5dc0fb84de0785b335de4db2c8b38324f4378a0e0f7eb1cfb460
SHA512 69e9481922f61256afb0badafdc556bce1a625e2924e2f883c71168563038be6b02fe57b7d41976a8087333a07095157685175da09df0b576660b19661ae0369

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt

MD5 7faec2006bb231d14b794a9f31769448
SHA1 c2b5a34fe521502f6fca3031201b47074f30f258
SHA256 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff
SHA512 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt

MD5 ab54b14548a4cc76dd7c27414d971111
SHA1 68a3888b33ee1c5d5efb913846867c9a8788cadb
SHA256 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295
SHA512 cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

MD5 55b2adec395c6cd13146cd1040fd00d8
SHA1 3de024b54bc9c891061e6d198bcd689a9f995bfd
SHA256 3b9519b183ca5eea2aa279d5bbc13bf819c898d7a02eb947f140dcc0abccfb9d
SHA512 13f37bb5810fbc2d812c8860ebfe84aad2fa141cef725c2cc4e30872500c600bcf0048c32da6806c34e24442d66961f979358e4f9678b4082e50a696f7103742

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\airhost.exe

MD5 00e8fa4f8f0d3e79a2eea156f627ec73
SHA1 c6dd3dc295c50bdb71b875c0132fb1717a6555b1
SHA256 8b604c66bb1d0cf1313b24f4c27d7679c69f7b3065bebb997b81f454f10450f5
SHA512 0c372235e3ca48b3fc4b4c8f10ddd60ea6cd77d102da818477025d06e2f0573c53a34b2d980030bf23315931a6868513f0696eea1ffe3c3afbd0ab668e7884fd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\avcodec_zm-59.dll

MD5 f1bef4b27945deb2ac29d0c06d174aea
SHA1 65b9afd574a2a2b4565d250688f592bbe88bec08
SHA256 d12b2624f5fcc07df65f826f7f4ca26bd00f63cb8139f9be3a389e06e7686df9
SHA512 652b47297d94e7fba085d2d07fb5454de5424bddf09442b2493b550f04db300496637098c77f2e32f1919ff21bba44c6d5c537008feeec685bfeb8d3d2e9ae5f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\avutil_zm-57.dll

MD5 6b742533208ec26d707ccf5333abd9ff
SHA1 780b0bdc3013495c2efa4812bdb8a5ada1f3d817
SHA256 cb3d35ece04fad407591f3d8b1d01f9e47ea33c2a4a6bdec817df42a81d80324
SHA512 24cd9708bb733c525fa8bca4deb85e3350a6bc90edc5ebfc8268049931d6bee92b72f5f9d439975351a649087eb6a87ae53ec82459f90ad30b0b4ac0dce74bf9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\avformat_zm-59.dll

MD5 b32ccd17c23198636302c599cdc9344a
SHA1 64289fd19e00ab2a7719ee40be021f036adefa9f
SHA256 c61d9c18ecc6980a22a6c5468b5d554e31d53f822c9fb4b47c8b829ebc4df040
SHA512 75ada97111bbcd895304e4df9b326abf8dc41af73241de73b951b08b66a03f114a83499008d1d7c79d9f99c2c9767a3f0233a7cc6bd955f08500fd661d52f118

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm

MD5 3fcc19f6a199e97646a0ab32423c9332
SHA1 05613b14d6c7336b24e9779963d245098e73b40c
SHA256 efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04
SHA512 b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

MD5 c8885bea04914b8ed2048e428a8ac315
SHA1 4ddf3e9c236ade1ba49dc1243ef4096c094fe013
SHA256 d70d944c91c3088062b0e239222164b1dac81b412b4869fcbb2e6b6ed56e14eb
SHA512 9eda703cc5abca5624b9cce899438e8676167b01b0ea8a6944b520cd0f179755e823931f1e2d56f762aa0f7e2933a523548ef1c522f1292b5030fbdf643e2916

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipCallApp.dll

MD5 b0895068b03a1cff744bb63630fe48cb
SHA1 1258e318dda668d38879c4ce3fff40dd29be048d
SHA256 ea29b4afe0a1784ba3dc892e99bd38867e7c9b71f28a47948a3a782835eff528
SHA512 242d0785198f2540f2daf6fe43c1d4355b7ae4ed4ff9abccd3b048f21e84e8ab39099a342cd1445e96fb32f5c4a5370f27766f4f294ffdf384573391260ae444

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipCallCommonBase.dll

MD5 12d693bba1506ab86144afbbe413f0af
SHA1 315837e681084ae2e19485b8a7aef2a90c4eb5b2
SHA256 451abecb970c3e73ccacc7f7b31f61764416a21676df9d955949942974402b8e
SHA512 28b45483a0c6c17818fef2815be07db56bfb53713f71e62d85975e6bf5e31598a3fe2d8ba3dfbe37819c007fde76ed21e358e07c528c26c40f0116de9ed0000a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAssistant.dll

MD5 abb8b05fcdd29cef1d5a9c1a30552026
SHA1 52df89a40fc5b0bc26e7f4d117fa9d452fd2f20e
SHA256 d98d3e63bac12fd37ed87d35b31892717b7acc6f174245b0f0a5aa5b32ac11cb
SHA512 6a5036721f1ec8e0a060b10bbe0d5516ad2357fcde2668acdd05e2a0e455cc8fe3271372829389117e151fdb7582ed2e763de4a9cb5534283d1e2251e3b00ce8

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

MD5 ce3f3c40043b4ee136ed776201cd7eb4
SHA1 e57caa6f713b155baff38baad5f26c8f49b74f5c
SHA256 6f29075d341c44a9dc991cbc060faf49088a6169227db8a6d1ee2ddd2adafe1b
SHA512 76d1caa5dbfdef57dc06d4f147c6e9824bee7cef7c853fc657ae2b1713f544142c64187b1608becba6962d85eddea21e12220d33ec46c0c8c292bece497fd94a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt

MD5 078690812af4ba8567fcc2af2ca1d307
SHA1 f4f94babc436555d2f5992e29aacc47433fbadb4
SHA256 e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372
SHA512 f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomhost64.exe

MD5 518a638b42a18cbf20b49774e9b3bbc9
SHA1 bf9101e8e4ac7c7d31d30cf5d6477449f865f837
SHA256 071dd383984b3c40b22a54560c02291cf1ee09b591f56f008f120934b9d8163e
SHA512 762974422351f553f11d8593a72b56d54f391c375c8c717d8844106e121bcdf472fab5762a40cbd3bbb599c20378fe7ea3b88b9d4132db2f8596cd050d9f03b7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcml.dll

MD5 0f646b1f1d37f6b1cdf4e8ca860c0f3c
SHA1 fbc822980093759a26f8b4e0368df2025b3eed9a
SHA256 02cef5de455ccd58fda6c9c5a0b30f5276383e86241dab897baa365b6ce8e03a
SHA512 5d8aac5c2da8917048e982e4bf7d445d9123e741db215edc7aed0ec275f629aa72b5771d5dbce26875b8edc375318fce638330ba868c1a8a664c392a283ad3e5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mkldnn.dll

MD5 5835dbe258ca78e8a8c999d5b0ec5f71
SHA1 b96f7d85df64878179a790ce9e3a2b0a0a38d9a1
SHA256 969a5ba2c8cae69daa27fa72a0fe6a7c72c684d05062223b021b9f4f4a771263
SHA512 a8b0798ebaee68f1a78d922e6437d34a26ee26759ddddb8c452deb6c6e95fe40b85c8cd68b6a697fe41164f4c2d3ad1bc0033e3a17e090de547cfba28e15f7f2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\d3dcompiler_47.dll

MD5 aca55ef8d43616c0380a3f0fcf3377dc
SHA1 ea6755fe23891f6b9691bba1477e59d23eb61385
SHA256 c0ee49aa7cfb88902fba57b77934d7bf10b4b090531cfe35df084602e24c10b4
SHA512 548c949bfa8a881992b6ff8349be45ab218eb45d12a65bbbbf2a4563eb4edc84b37e63d1d490b56c8b0a40bb2ad8e6ad0321b79ca78fb3f0c7f404072a42facd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\dvf.dll

MD5 045ad731b4139b46dc46782d06399557
SHA1 29033417424ba495cd613a94cc86ccf613c9d321
SHA256 92ae3f1173b5691ffd0e131b4d9a2c81744d7c1c08ce54c66a9869a7835ef490
SHA512 ba703cc09b4d4b1492c6fd9c3ae5f2cfcc1f67ec54e67a653cb759bb9e60c566715b5fc179fecea6dc34bd7b6dcde4495b22ab50ef532c324921cef9a2d899db

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmp.dll

MD5 a1249a299df9086929ca52ad952374df
SHA1 ca2c38f32f159d7b6ba1ff80b4c93f797ba33612
SHA256 5a059bad2ac1c07870d5a56382be090d2d233cc6f72c393f80ea88090432c8fc
SHA512 ac4d4d3e58fc1dd8f4f88f2d464ca8978fb8861ac11b872dd7dace1c4385df7963f7585c732ec4990a1733ceec544bba1744217346396660bee3cfecaab5b1cc

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\clDNN64.dll

MD5 d21cd646735507f17a89f6bb7e961c47
SHA1 7a11b3ae461e140eb817893a3d6e62ef7739b27a
SHA256 042dc47dce2b6cbf25e3afad188ec3dfb78b1c2f1f83baf7d457fe90b21dae3e
SHA512 1d3ab2b64752ac2f27226796eeb1cc02b2c5d1d80c9dcd86ddc20e929c83ddfcb75d756aa0668c769a6557da974a8c0a681b83f800419568db612ab3a4be09a4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll

MD5 8092b14c047e569033149a4581e27b7e
SHA1 18db39eb939ac76a0c695ccb4721c198db52d00e
SHA256 bb280f77134620324fa58f8b6fb40c17547539a44faaf2ad1a7cb373d163b5fc
SHA512 ead755e124574a3c52ade392971a5057f13efb21633b400c202ed40e32d012c3ebf6880046a2332b661ada0e8bf49f268db3bad5714339596687e3659a5c5163

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipcallRes.dll

MD5 aa188fe47b6a705bf3b425cb6dae9fc3
SHA1 5bbb1c6b4f2ce05c48f91d01192b89487157fb55
SHA256 23bc7ba1fa2699b40d9068d0b8b7f45c0184b317f103915e52bd51b590c8f752
SHA512 96640b4ae81815a838e14ba3caf83fbf4833fec1ebbbf3bcf345bcc99c0ae77d36120500be2f60487e743dbbedaa107eb942b821b977b7826446629713805935

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino.dll

MD5 1b6051cec41668de950f16bf4ea01c11
SHA1 fc796a4ec2750dd802cbafb2dedcbe96a9b910c8
SHA256 166c53bfe0edeee649b33b3782449723353ffb22c982f703aeb30ff80c94af83
SHA512 a228b446197797f55f10e770cb1121adb49753955207fc11e749a233679dce9b70cbde43e5d4d41ecdd0cc2ce3514162e2e190042defde8274f0322bd9275522

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipcallUI.dll

MD5 3065a1f59ef32fcd1b0db8cbd9e4cca0
SHA1 ef7f29a6fec5ffcd877f9fffd67bfca621d85f41
SHA256 d12762a1a287049a7d17929cf4bf6390939107f8ab32b58d5310a8308e990f1a
SHA512 0bde2cbd69f96d50ec2571f8d1033a5c1d8079221d578d65abae3c1b9baad9ed6f21173369854f2d421b3f2590e5c73e5837a9da547f1c3e6745421eef3bad18

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino_c.dll

MD5 6bd0233db00c72080331ab4717021543
SHA1 309657d9e3230f97f3930cf26e409fe0fab2ae5a
SHA256 fb4bc48d13849c683748926a2ebb77f4eaa6af250e685336a6b7b00918bd10e6
SHA512 472cda5f306ba06308c21b73c6a4c4fdf9e6749eb66759ce3eb63ef50a2462d466496b46023aa6939aa54d5eeae3cae023465bb021a9111fbf520b43218d766d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino_intel_gpu_plugin.dll

MD5 0e23940e9177e1652f2dca85f98d80b5
SHA1 8831c1396702be83993c6211d9e49c5cc7606ee7
SHA256 a7111ddb967814bffccfd63021c1a38f3f79d1d1b0f36f210d34682680aeb729
SHA512 984790214c87677715dc6e335fa341032ba8256fd96c558edbecf0abed274a72eafb393db67fe182f8de50fa720e22ddfe0759b939b6fb0955134b9293678dd6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipSdk.dll

MD5 d560d101ababe7e07c89b7360f9735f3
SHA1 b8ff75fa4f367405fa1718b2cc321169b93efcc4
SHA256 b1526204aa2be1928a5fae5e36ce3c3d43d9466f50c8881143ad014d1f3b2c9f
SHA512 37ed7a6a85d9dc37be76aaca8a653e028498ce07a0db543f2821da45b1c4952c9425ad2e47fb3f8bd9db978de1abae2ae8545c4f74407d9c47a769ca55b4d30f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipCallCommon.dll

MD5 6621138a2ea686ff6c2cdf5fad8d2458
SHA1 a4559e1842cffed9bc4e320550849d0391ebff13
SHA256 e1651b9147dc45aa0823a78a42ec7a36e0b6363e39a31a84952815fd5ce3ea37
SHA512 7cd5a4be2f22f14dbeefd8e0e7b30f3b768f60c1e2663a3bd6294abc447832b99062690e129b6727370adc3b7d5697aa61917611451508fd9caffd2a9766d272

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tbb.dll

MD5 560ac6fc29215f4fb9c61f5d78b3af12
SHA1 2b4f8b5d65e8eb1b66dd07a7625bc6f106ac99cb
SHA256 89c706f401f69040b01d34ab104bc08ddcfb4a6def976ab7c8b98b299ed8cb4f
SHA512 4bbacf5ba24235efab5c0533b6d889db09ab924808fa86d616a7fb12fce25e788bf498b918df505ddf982a917f97e0869e3e119d316712ccea674ab23675ae40

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\plugins.xml

MD5 7d081fe6f9c94c19987c04d1e6a5c506
SHA1 1485302a3eb6765bfeccc8f2c7d9eb98dd889975
SHA256 0bb8de37ac6d5d12a1d802276df79d9f378d017f54f4a03041a375b7f8d3b584
SHA512 3ee9c6c46a75c508cf3c38885dd7b05e0e9840df95e73b2fd9939a2c705b87ba9ceb45d764a878aac1bec2921cfd7a1f2c94f45ca6193dc4a4f639bccdfa8246

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

MD5 dc93189ad9ce93df178c155772e717b8
SHA1 855a68b811babd8980c23f260a584119b20fdec2
SHA256 17ba06a92e2dbfa800dfdefc5ddea19f30b4346d77fa26af668522012e60b2e1
SHA512 db710cc718bc9bc061a9021dca2ad162dc0aa98381b5c5a1ce8166b6af9311d5558761e5e4864d26b421b1ad4f4b884f94eb3895807f47e92bf22bcf603f12f5

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Droplet.pcm

MD5 923d4747324854f50ecf69324741c8ca
SHA1 4c19f847fa8fdf55e27b2847bfe09789adfb9e59
SHA256 3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f
SHA512 4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe

MD5 34d1d7467f1b59c70bf266c176699aa4
SHA1 ee4884879b5ef3efff5d7e4abdb96c8c1841292f
SHA256 69d1eedb3c7e7862cd6ff61658b81c9d7de715deb64b68689a7f9dcb30d8b70a
SHA512 b5b60c02a9b50ac23ab4c59ffbe16c85539d2f73e2b387f48e45b5d5a0e46d0d7d2817b7f0ab66509ba035bd2dd6ba119e4f9af0bfab861968a94f09df314140

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm

MD5 b30a997b4a9df68d8796eef6f457f4aa
SHA1 23890fbc1f66c1061c60b8287659566c69b297d1
SHA256 f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f
SHA512 8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm

MD5 cd7d41d5204013ce176c99c225016d6d
SHA1 996ea48981e81ecb107cd77fd0d6e35edc4d4214
SHA256 cd9b81d47633fe9aa3f1020d895161de8c31797b365f93dfb22a60d920cc2eb3
SHA512 44afe616a2596abc76cf9f862837b26c00e6214a08b61c6569e7ee07ab4331f4968d718889863cffc74ceed55ff377932432c7191dba4efdb638ea3b96badebc

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

MD5 7f21ee953617d997fa3bbca77117b397
SHA1 da5bdb90fa94b9527ca20b484e2eb585c358df30
SHA256 5b3f85574271e075e1a1e8a4242d0c9cc37c295f62081bb18800054fddd5cc8b
SHA512 2daf163dbd98bdcc343c09768f938ef9ac8895475df55afe562fd746491b2d1eadb4a4707226bd5af50a8a35ebfb9ca81fec469c2dba9d3604fd2199c9df50be

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino_ir_frontend.dll

MD5 39f712798bfee84f9791ce8c4d3b5ccb
SHA1 a7a05c981c8101d105c70d9cbfa3002b5960b02b
SHA256 7a5f64e5d6c847a0d94e3c41171d8591268e4ec1439d35c57c6f209eb53c7993
SHA512 3bec4f7d3d1d3a70a5336e940524aa3974e9ca58f30ad3993d6b412a3c3c51cd959cbce96c406e2ef96cb64ba9138ea5e7cee96c896cc38c6742d7b96523ec96

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

MD5 3643b22484c29dc147c59c33567cfe79
SHA1 cd69528c633ddd23042293354f56d1174182a297
SHA256 2f9e6cca041ee434ccaf66e966118201cc9fcb0081edad0196a8ffa52b5867ee
SHA512 6dc6c5a4b9896257d50cfae76b30a08180c813aba2d3b73b85551f143ba7ae477f4a436d92363407389ab29320227de1e3231104dfbe54b33e2321dfb4174ec0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

MD5 853e4eb146a1e15f17eb15f14b05cbdd
SHA1 abc36d5a339110c7ffc70e572bc9cec099e0004d
SHA256 26a7dd2f5d1556d9e859b0ebd93b29e01af06e31f2c9bb91cbd0af6b18e2f2fa
SHA512 eccb558f06eb5234e7e9a379360a146b65955bc975c614bdd4a031c37fccba8ad6352fd786bedcd791d21f93c27553b9191a99043d37dd71fa1c3a81d0293944

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

MD5 380bd7ebf828851ca47c887c1a82ca93
SHA1 2c0f427df6c552eace8a2bd969445e611caaf977
SHA256 6ea8eb60a85d5c8b75ccf72d31ea78cb2798b3591707667bf657dc9acac255ff
SHA512 8913b8d84f84a84de86c52b67acf3bb8f1bb114dfb4030d78a2fb2c1e4b21d3aa7fc99201d4791422056e08fc44d39f456da4e75f1df20d2d80038319a0439b4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

MD5 44f9b8b4838bfcf5aa932492d0cef3b3
SHA1 23b2c37cc11b83cbcaf6f05b5aa37fc1bdef4474
SHA256 820919b0e8d86171e1e730adee788bd8131c98a0d146dbeea108291dbc6de31b
SHA512 e19e95e8df921e8b0d10a8cca10a08703c43c7a1d952989eaf93bf2979fa3b04a36c947f4e078be04cf3d2319ea18c43f447a9b7135c52e9707246f94bfc2699

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCCIMeeting.dll

MD5 f615fb3d0bdbcb943f38e482d67116fc
SHA1 06fb6b2bfbf4ab983e5585e092c0b6ffa4945762
SHA256 76367bd2157b286d47cb9b710635b8300ac99a644afebff57740736baf96d5a2
SHA512 9ae3c2a91e5e087abf91d9e68ef0f559e92016250c2c875b7821710ceee75b15d23282366b5aa9587df68f4453375ae9fb93e883707f8273e9a5b05c2698d8f5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCCIVideo.dll

MD5 5c46386b011bb8d60a7b6a3ee3f88849
SHA1 503debc663bc2ecd4f77a0b2aa7cdaaf529ffd2e
SHA256 5d6e847509b81dd8e9c40c06fa787af730cc1d04d6cac0d4a581c4187cfd43c3
SHA512 752d70737ada5f7a3da619a1b1ac51e1fccaaa4c3d94c1f2c14e75d71fb4c0e838c2473b1157d24f3bec39346fbc2ac8710096be2d46397645d72a65dbedbfa0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookMAPI64.exe

MD5 ac4eb5fbd9a19ec154caed2141789099
SHA1 025a6dad8383eb34f01d0c88f592ae0cf12987d6
SHA256 6fe713e42de67f82afdcdc1c1a3fa4d5b8382f59bba6c3005b79e083aebe642d
SHA512 d2d9ef11ad183fcaf4167f0d480cd619a52d3b35adbb898e3308e21ba225a22951b0e5d963c969df960699516052d4a754d38a198005b00bef59302f624fad62

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookMAPI.exe

MD5 29aa94c8adf1916ff55dabb361bd2c33
SHA1 9ef9279e69d5a8b6f8ed76e996bd6bbdec3b6730
SHA256 96b9221cb3a047994b33b74d28e66345701e20941e9bb71aef6f045317c23264
SHA512 79d15d49a9e1bb28ad1ba281fb9ccf0f0c3b76f25e8d734888e1ed1b213514994ffdca5875dec281042119527b532b7e35617635170897fd15bf3353961d5515

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

MD5 a95eef7e1427098d52ece8775cd38e3b
SHA1 2ee6e9a0c2ab3f7da84c798a3661ffbec761287b
SHA256 363deda6574ed88b01316c9036eab266b866d6b0c8ab5d57c48e3d4c8bb93919
SHA512 dc105a6fcdd60dbbbcab91cb89dafa1df5aba6f4641484f7e9645200d2f46ccb4d8d0aa65806f0efd44525cdf9e78fd09d8450cabad53086895c7f9a6f87f25d

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Ukulele.pcm

MD5 1c93f100d9e60160c1f16ddd8a5d012b
SHA1 3c066fa5b601f29d238525e2f0e714ec8de0f552
SHA256 54e04e1618cd45ac621b31c1cd537d04382f6c7e5fc62b7c20a2b595b961bed5
SHA512 fa004c19fc132cbc3dcf1cc34489bdb93e7943e07073c6d58a5a2abaad6b249666bc73f80509a2322f7f38b93d7ae95e9b0ef8fbe6e7639cd618bb6b9d820020

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

MD5 368b83079cc6158b05d2f934205ddd12
SHA1 59ee2b68cecb4aba883a984cadfa6ee942175a9f
SHA256 da272264f5bb11a01e3d6d37765a9772cc71559a431379d8d6b779d2e973ade6
SHA512 c146f5166a86007edc93cbd57192ff954d55870cdf67b52698b33511846558158f6c74bfac3a26ba2bd57ca69f7ddcb82beb5ad7d077ea5c4f3c231aff65503c

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Silent.pcm

MD5 de74ff821c5d7f33259db9e85009ff02
SHA1 f9cd04668030703b5304c47bdb5a2e6638b0df89
SHA256 b24b0ec151d68a40d7c89f7eb1d52abce1eb9112041f755f5e092474e5aa638a
SHA512 8d9d3a1106e96ba57cc5d9a5ba2fa7c21ca0a47fbd9e841e5d6e3f61a1029e321b8210098fc26280b62fa6fbacb0b42e23b36129a5b05bee0654128d4660b47b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion.pcm

MD5 388728657dd2d77d2257a90b9c935650
SHA1 17c15f9be8b263c52dc165b3395d8d92e72ec313
SHA256 dafa23315ef2893d200a88b65b8f455e788acd616d0634c35385d460f07c6a61
SHA512 5b4b298df61c4bafa4f2b4ffe2193ed331460ed922a17f2abedcd20f6f1b1af8719694299e367af0ba757ec3496d99fc67ff1963e27195ed30a95e5dbe97a2b5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zApp.dll

MD5 eaf40d0cf18e7a0ff0c7d531856b7cec
SHA1 27b5b7ddf069d5a40406550124d02221a374abd5
SHA256 2532041972570e18ce6b57730240888d62288d1eafe734dab306a6138dc7497e
SHA512 3d62a802124bf114b79c8ef983f1641157d3c026499cd4a85ba71d96cd77e2d5f9113c61a7b6d3528a6e71ee110a064fd317c123c7748bb6f5efc52fa8f81c2f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCustomizeMeetingUI.dll

MD5 74a4180f4ddcb5fec5a4f2675645a9a4
SHA1 db55f4869a977cea3d8a20823c7ff53d391380c4
SHA256 70d2aff588d0288ffc7072e30367ba063a76e78483d1df4362bfda4673878c55
SHA512 288b7208a245e4a9f80a016dd1407398a22947d845c52aa30058e217d49d8585cf47e2e9faeb8cb2d97b54a644b5cca57c0fc05d6f036aa58bcbed1d6cfee618

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoom_meeting_bridge.dll

MD5 66931eca21f6beef5cb1373c049089c6
SHA1 3839cb94b08337bb39cc68bdc93dc3d4cbf43168
SHA256 1b0901cc9d8baf349f110859f9eb764cde1d24de3538a0dc3dce56941e9775c8
SHA512 b9716afd49695697afdd24bac50dd3e310d5055f11c8d94fd77018b779b1d97d74b9aadb3258454aea78c426f5d5c56b803115722206e86d853a0a59efc8c16f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

MD5 4fc06d79075c15095e605ff1d51a2e2f
SHA1 6db7e657c51c4c7eca7200aece4743cf2b14d433
SHA256 e74f5cd46c7f47019dded5cbaa8688d00e60eaa2a3e3612545d24f058b3d798a
SHA512 29e126390377e64bfbbdf3a9f36b42bad4f71ed50790e43655a6291b7b6d3c938b2f4070def1cf0cddbd402768fc0b97d27887a3916e95ace0a9e65d0d917ba9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

MD5 c77230f409a5afd54e2b2c4e0bde4da6
SHA1 c3a03033dbbf5f1cb37594978a80ce310966a4b3
SHA256 7f8689aaf12e3af025c5c11f1ec410a2bb5747f7b31645cad25434c1b6e600b9
SHA512 98468958fc04235772b460e02956e1f00198460651d019ee57403c344942d2a7e7f53b677e26b3ffe6768b9766305565f79c6b38ad2fde04a53bd5732b7d3ddb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCCIUI.dll

MD5 bdbf415a134155a2fbc5a4a8a58ed258
SHA1 5e1a0900bb7caa64c84f9358e239d140ebb657dc
SHA256 1ea73907767e5bb4cf517dc4e80867a1f9597266f892e0683fff0bcc7b902112
SHA512 5b15f35d76b1d1159a52ef4b848017b628be6ca34cfa1418d163a852412962b7906bebd7c03b5c139ad865f60dbb81cfd3765caec3c5acdf8de2425140f1855a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCalendarUI.dll

MD5 6c528d139bc9bf33638dde659fdbdb97
SHA1 6652cd0e1dc7080e1e629a898b4eb9981be19d13
SHA256 63563cff80df127459a7224c61ccb77a2802b5bd5fb23d5a429f4ad6ea02fa61
SHA512 39ccb53c3041b9d015bd068cbafc8e9fac65d49572681ee52eb680c5665d79da9a06db2b91f34dee498ae027f20e9b8f73cdf51add40f35f4ea35b7a309f484a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPreMeetingApp.dll

MD5 2636e86b845d832ce30947febb84bfab
SHA1 fdc37c456169f40c56c39b0054006afd7b87b37f
SHA256 5133e4f33429af994f619cffa0830f765950b715d8b1f84a7efc61527c91b75d
SHA512 5785a9fed6e1604fef77b21abff255653f511f982c2062926e5d19dd237cd2cf82ebbeac399edca3c4bdab7d00a77428a56803e0e13df33ac88126eccc6e15fa

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\MailClient.dll

MD5 8b29ffc247b06f75a59701c14e9830f6
SHA1 a12dd2a16f4d0ac25650d1552d1e828b419909ed
SHA256 137570c10ca1704225a8f247da026bc0f1727afb3ea544eec88b4b266f5b3323
SHA512 026321116775479c504b267132ca096de08fb7a250b927f5a8f1c69c9bbbf1d275d63276b9678fbe592f5a8540a00c2b7fda8fdfef1120efc1741b180117e815

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCalendarRes.dll

MD5 f12d1d1a7e3394ce8de7f1aa8f6801e3
SHA1 88feb9566f063b340809a607db287ab360a450da
SHA256 b78bd6d53c8b7b32272e3d0e1b927cc96d3d1a50058f60d223d1625ad7a3f7bd
SHA512 dd397184756bbd84113f11aa788f6e644adbfb8e6a09e931e82179aeef521a17263df6f59fc2770b027a28a08a025a60c35f417cf69914b676017d107aee0e17

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zHuddlesApp.dll

MD5 97251f988391dd6992a6568a548aa014
SHA1 92033a5fd89bbefdd54cf010138b474696c8b38d
SHA256 ae08c391cd4addfafb04c7f3733b6279bb9cc861dcc51017d96799283112b3c2
SHA512 641339e2a1c87ee0fe9be495bc2da4216a8d640521c043523d72ddb2fcd5618500f938a9fb27d08edae170fdfc3a7dba190a6acb009c8f72e5a447391c075c9e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMailRes.dll

MD5 86f741aef46a3b4b424829df697c28df
SHA1 a1414c1133725fef2031c51a3b9a17aa2c826614
SHA256 130fe7ed30a918fb29b9e71b7329fb7a265d0574449716bb1abde31aee4fd738
SHA512 64d91b7acaba43ae3ef26eb849a1aa8687bde2ba054a90fd1a8dab4eb2d948a6d7c7404ff9a5274eb8efee8c6854567ff64eb19c0d8f6439e8bcf4a242cf533a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmScheduler.dll

MD5 43b42b5aeed5301fb0ea0a56cc978413
SHA1 0956068f476d407304bfcefad9bec663ffa8fb67
SHA256 1de6095f52e7fcb36cf149cf943760e6dd8b9948ff7cf350df6984b8ff268114
SHA512 ca1f9589d967d7429a6445c75ac030f5d9a2ebfab20df21d15aa653446d70c59d3d54cbdf2963497f66ef0727a28f28b801cc04870348bf85170ea6027da0ad7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomPluginAutoUpdateService32.dll

MD5 b736bb1b0d40b9ec82e6cf5e28422ca9
SHA1 b743283147ac39a699a730bca20b8a44e3fd43bf
SHA256 dbbe8f5885efd94d707da5a749ffcfcd8d8ba6e36093b4ebf627b0d6c0745b03
SHA512 a47552f0dfc73e97d3fea17e60ebe36324fded09dcc7926e235e336db172bf3f4203d4e915ce2ee5add9a17751a9f92ba361865a85837d49e1cf15b7bb347174

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zbt.dll

MD5 0b3f2a66747fc92a58c291be745e7baf
SHA1 68920d8724fe876cd6b34ca8154c95d5ee566ecf
SHA256 558525d430741af893b229875b8e285792097fe7124eacb5fe2346a303fed499
SHA512 d131b634721bbc542513fa35bcd6f24eba552572ed37921f2af5571e001e381791c73ca9c071035fbaaf10b2c193754948c78f512c9ddc0279e01db90f034de5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAppUISdk.dll

MD5 7829afe817a4a19c4ed43bed8d2e7cff
SHA1 8e2a1f0bf4ebad0d030f144af503c1f9dcff94b5
SHA256 724eade2b32511bf3ca8f91c504c4d237a434e91dfd1fb44482ba32e12c3985e
SHA512 80ce8552fbaa9500970da24e8ffcdabb95bd4d7af4ae83d5b702e9b4525a8a475788831d970b4492f314f91f06216bd91e610ab21f747862b6af4553dcbb1700

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fd.json

MD5 8a1539d919866a4cb249e7e72649fea9
SHA1 22ffd22a1c2021d87efbb3522765ae0517eee75f
SHA256 e098424aa4c8683122906445b8ee8fcbc9b052dc6302c243472667cb52e99c2a
SHA512 2a60eba32f91cf87da6908974b950f076c6ccf98785da72ec091a53afabfd769a5cbd4e8c8ef43bffef2291328f4ff766b7e83a3cadf5b242a3abd9c1e3ae318

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

MD5 14a6ea1e7637d08c5ca0cc8708654797
SHA1 a72f4e8f022420ed278442d1c175b0b79f6bc71c
SHA256 9d7386b8cc8ffad225183c34a69f83cba67791c4c9225bb6f0d4d39bfe461895
SHA512 3614409d30bf2da56f1c238049d41c3ad50a317ae8f68ee0ba5d5cd502f1c1a8247cd328dccd384311c9fef01a5946af517e458868c487edf58cbcd141b00184

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f389.json

MD5 f67d4e717a5c78dc8cc24a9f8fda0c8e
SHA1 8106d5b328939142bef9c16a068c900ca2b63405
SHA256 61f1aee6f45612a6e5f7477e38898f56df5abefc58ba17316eb45d68a7bd2aea
SHA512 c6e9f43fda4220758741170501b4557ef245dc02f8d18fa13d40e62c7bc002c495c560421ca807a0b8fec75d8fa6af1e772d6f0f9321561042a358d66c0566ba

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm

MD5 05e93ad2f9defd7d42172fc603f3dcb3
SHA1 f2815285dbe857b15767b450cf29367fd84f51b5
SHA256 d49dcb4ed3beb63b5fa4b163fefdd39a48ff31d7c5bff78f89adc72c80f605f3
SHA512 aec7865a98baf17ee1e23c0124d15510bee02bdce1239895bf5a7820f701d0cb6ed054fe217a18f97aa3802e48e00725875df61e649d54b230e714ea09bfab6e

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm

MD5 a2243b1ddd8cca6c40030020b57c606e
SHA1 9d0084832970caaf750335d5b27a3104623e2275
SHA256 e00dbb2ed88cd107bf384102e1353bb8d3a777dd9624a680579e4267080888d7
SHA512 04ba003ef55787f3d19006e8a3489b861ab86834acec445ec463172f5530fe72472c0bb39f62ff8d0222f388b63a6b2e28f5919fbbccea416654d7cc13f68b49

C:\Users\Admin\AppData\Roaming\Zoom\tmp_uninstall\Installer.exe

MD5 3f969abde73cb3a1d2ebad6955a816d0
SHA1 a30a4eca54be4bd9cfaa1fbf16977a20d69a56b6
SHA256 609a3b23759e5b76c1713412998d649c255c3e998fb6c338ad4c7cbcd1a2fc64
SHA512 43491f5639d5f18a3ce85bd13b00684f1a436f7929b0914e11411a4ac6bc764d846342280c079b2a83d914e4a3143f4ebde3202824ee55e6c3f6806c38b0b0da

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

MD5 d7d1ba5b2b013dd4c4d348f0f519b316
SHA1 a53cc7bd83ffc3bcf2147cc2abe7a72044f0ef70
SHA256 bc1cf101ea1b23963eb81087995d2fb13cb79457855adb25d5d8f053e59cce18
SHA512 5c863febb15ffe80edd07a9bddf2432391a2239a2387bbc28672af4fadc1f86c3c19969d2bd18b5d5607f418c97d17b95d12f1863e1c4f12ba90ff6df9d5f900

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm

MD5 618a307ef3efad70399a6107cb1ce9e3
SHA1 8b42e7fc116a27a3fa868db49b3d0204f42cd913
SHA256 32567197286cbb2dffc282f7cae8d46d13af9d5e83bc98773a836904d244326f
SHA512 3181f538cf34e09de3ced6b702eb55654888b3b533a339eaff97f6f6da9014900f076c76ddd407c0c3736156a896fd23a07952c04c06664103cc74f317b8ea74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a5ca58550bed7dac65748f0bff447df5
SHA1 d43f71d50f2cefd7b7e2ca1ddbce5365e9505476
SHA256 9f835ccbfdef40a94f60a25160643796f5dfe00b1c649d096d9b6b4c24d2ddea
SHA512 b35dec0f1b7bfb1c70e4128daebdd57f6ddfbf16d2591ba974e8a7dcaeaa1b0693dc4dbed84d373513f0f68787d03fa429f493f60c71e6a28c1dcba0927cc1fa

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm

MD5 f199df8ed884c5af8fd07aa0e046d19b
SHA1 507ca087de97053c4e65f4576f78157813e6c174
SHA256 0a23d9800db639dd5f40ff0e1ca3df5729df7ab81affd1a02db445b4b0ab235b
SHA512 176a88eb7df30c78442c435f102f865e1f8c8a6d0fa03f1af823cf6b7a3c290e50df229b8775c9234f09a0ab5643410f5e00bb4eae550c13cb59ee3d4147d5f9

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm

MD5 814b4f610592e7d68725f87b04dd5691
SHA1 9e3f0489d1889b3201753730211fb14ea1fc1e21
SHA256 719f8aa3842eef2b413eb8dff026c2b442acf051af040b295af595ef207dc32c
SHA512 929f10fc51e71759d375d82681f6b9106932b27e0cd39fcd0fbacc2359d1907631a912d34958628c651c37617bd4d5d9db93d321f0592c30d0294428890abbd0

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm

MD5 6a95093e7fe3117bb1e614fa9727bfdf
SHA1 1df81e069ed43aeaedd8dce9d1c8bf56fa6b96a7
SHA256 d705d27155e39da52d84034389fbc3953d98f2e7a6007c44cf0ea1bdda4b3bb5
SHA512 925d6b17cec73d8ea98ddc3b55d17c6e014a5d4504251563c5d5d55a9b7f8caa43dcc6d7989bbce72a62e1708a54ab7b09bdd84f79da9010bfebf6cff7534c99

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm

MD5 cedbfc417b6ea8e076c99471e4d746ad
SHA1 11d95a6490613c3d7f350f5525ae47ddf244a5f0
SHA256 c5e274011991477635400e5a2c81d3b6cc12c50a61267b0ecc70077cb92a9aa7
SHA512 358120f75fb51a89979cbec3c1dd0227e286019025be9308e81f5e2f4c02cd9bb0022bed4db357d42990c5f0503aadb88963d7062382d9cd832440e12a338cd7

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm

MD5 a9293ed20c46e09ebb87caf37e92f3be
SHA1 dd6e3ca3ef79d26f71fe432a2d928e9177f13205
SHA256 4c682a59d37c32715d7e82c1592fcfd51ceaaca7fc4464817f74d0c005a02372
SHA512 ae2572da5274f686ab5b2ca05c273e103e037f1b2d21775f86e780a6a4e97f61059387a063e86f276253011bdaf188b2ca20cb29ffca5803fce5cdd9a69f38a6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm

MD5 4f9cb5dbacddb4099469ff30fb61490f
SHA1 0a338b3aaa04309584af7ee0f14f1767afbe1da7
SHA256 79f7a132b33c6525ee483231a53b8298620700ab21343cfa70d716e96fd12b8f
SHA512 488fba0f24d2382dddd25c05531a5f61683f774dd86d41b652ce9473224607de9744a5a4463907930eb3b010e6f97f7b7d1ac5a9daba8453525735d338399a5a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm

MD5 a8e1e6ab27026fcc27307250e40dc64a
SHA1 a3d1bcd57edd4aa3f52c259a5b72c120f040d583
SHA256 ffc6da3e558a9b25cc03249f675aff3bd3ac21d54435fa8b23f37cbaf54dded8
SHA512 c82fb729e9aa1fb56efae9b76f42567b871b2626c29945d0e6b51e4f876f43b97b8bc5f0bbaefa56cd8b881def405c6b8a44f331500f169de80aba120c98f766

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 32dd25144e18ca1858f82cc2b90963f2
SHA1 0957371d865564d8326d1448441a4149f041be07
SHA256 8558237cbd78f9d50b255673cb64d4b4ad56cf6470945e2798da9ac479975630
SHA512 e0ae071bcbb993763c6cecdbc730eb0fbef0e30fd4a5b06220180a01664bcd7c4a90478436600671eaf9045b7b6f4fe55b8f008c90560e201b3d19473723e56b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm

MD5 532231d1e36ea53a168830033cc0aec5
SHA1 4407c14ffe5b12b7100db43fb011564269f702a0
SHA256 83ef758561576bbaa981e976510b74eeeacc181834064ba7412eaf876cc25290
SHA512 05bb2d8ae7cf3ead9dfbf05fef4983ebfd4f5a8991ba43a92191a1a97b485dcf17e315b9a8d39300c71be7114f15f0113a75c6648fcdfc46b46e6cfd2b3ca0fe

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm

MD5 3913cdfca0b0dfad1c11ab3cdb81dcbb
SHA1 92e17b1f78788d5b98bb539aaed018fd72244411
SHA256 f8902a24f7dd5f4355e684ac1cb0029992581c610ad011ed2c900f8957c104ad
SHA512 43d22a611b65e10b9bb4b8405a993a77618c24d8866032672d43911707ac9f6497826cb6c975ae422c7d61412d6bb2d2df0412fc7fadc0e5e5f84ea09c7475ff

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm

MD5 d30328c7ec556e0fc8537d1a2316c418
SHA1 bbd09bfd865686297bc06ff35fbd5f56374e3dc3
SHA256 37db0a7b3ab878fcdc1da65dc21c006daba8791c87ae37d000d516cdea9d4804
SHA512 913c7f778f1a954c43c275e544689a528fc4a59d30f1d315359191de60f9bc9544bd322fc6842b63e8931e8f0ee8579f63a3e810f165d92a2f702ad3d8e5b6e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm

MD5 842932d135c62a4866c698cf415a13d1
SHA1 7977e8280576cdfe14449e0522a824342899e21b
SHA256 1a5eb409a8dd747b37e24b3a7a0c3c8aa7c55778a9bf4a71f4bdf3b5ad298c5d
SHA512 a34ae285e13cf25beb93153f1de77c6bb61941fd4d8f91b9689cb84d37204072ed4ddcf17a7f2319393db6383a949d4d0a8722245116f6aee8ef62524a403e29

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\win10rt.7z

MD5 c6e2c9b308d599c806892bdb7c0793f2
SHA1 e03adabd3b6f048660a40128bac215ae2a6f20f5
SHA256 5c42d05e598ecf50200b423cdf2b9f3722acf252ffa2a36343a7bc442e943845
SHA512 711794c6cf165b441d123e753033a9469ca1c65bbb37db51ef585321cd4ec9c847709eb922de073e8c9c8e73720b1999cf8e71e534cb8ed8aed7df93455cb245

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm

MD5 285974390c5114e6a8e91a2d63266a38
SHA1 f5b5b5ce959380d0358c463e2dcb9cafbe709843
SHA256 394c441e19f6d34b46baeb7820726f279bc71d21e6911070dbb58e67568ecb9c
SHA512 de85e1fc198fa235bc233cfd45747c30a8247af71b83e8ca30800cd754e6c45ae2d9754e4de0d51e3f2aed26ff8cc829d29374960f3b434e48acbbdf530ebe43

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm

MD5 065ce5dc0d49c48589a3eb19603510fc
SHA1 d0852569e60486c2d9206c35be826ac4d23f79be
SHA256 c50e689f830fea83f82c6cb2e5472b3827c5635490f0d2b0e56c346bad616a64
SHA512 c4661a30868376a7ed681d4d984efcbb8af4a7449059f31225c63ce1cc88a3b4a7fba3e3047f2b29a0e0e437e8b4832e888f65ef86ea40c2063aa0f736c61307

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSUI.dll

MD5 7cb37446c52d614f8d4ed2a1469699a9
SHA1 bbe4a513fc59d3e0d1e9ba18fbaf2caf6721a4b8
SHA256 320dd62bdf4a1ef07113f243672aa56a55b87873f6b0a3beab6d49f2e6d96a3f
SHA512 a1c10e4586cd4398be2d00c69cf117d1d0066a65a93fa58de1dbb1e54da263eeace99fc3bfb3661802d1fbf54ad9794a50fae927f5194f50946434eba52533e0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

MD5 236a4923173a6bcd7cfa0dbc76dc3d17
SHA1 682866d1c5f3bb92bbf4796df9204979a917b983
SHA256 e9b90a141a965e85b61704e9a0e89d6466a813171b3d42534184f7c363f68244
SHA512 68fe18f78c95de432f015a03ec90a09fffe3d21148e5f77f6481e70613680980221fe8b1f836f14b7be0b3f35c782f4b9194b606d86d586288eab99d07708354

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zDiagnostic.dll

MD5 5712a122141b0aa480b78ae02a790d93
SHA1 4148698f83c1decf0cec9cea33ff172fd362087e
SHA256 e3e11bf4029ffb5807f4279bc26995a51a4e8ce90b8d97651f0087dc58a35620
SHA512 0c756c6c085d15d30eb22a2b996b4349ef4a22eb4a91ec83d4479d3a4234c9bb9cec9ca9b7f174e67ef11099da0a0b420b59dfc1ab40e5a479c655a2db18e197

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f62e.json

MD5 7cefb2263f614827ab6e0336b64fce2f
SHA1 1a2f4e128ba63b5e9b6c1b6205f7d7de9143907b
SHA256 c20267a718250c2d164a2f3e06df0c710cb6bf881dce3995d35bcb69bdf38089
SHA512 47c2b892b654a8c06b88842b04897cfdb46a990ab70aa0dc92d0df90dcc924493ca1ef0097141bd2fc55389f7b46462fb9239e9a3324e91cfe5cefefb8876107

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3ff.json

MD5 fb40a5f93d8289078a45accd64e8b465
SHA1 2d65348b9bcf99ed6beadcfaadd1e4ba3060992f
SHA256 a138ef5319e9e21fa35890d6ca4b88f25bf2b0e1e323cedb64ebf4b9caf9d72f
SHA512 508a34b167ce76b09f578aa0b0470e4dff749e1bb2bb4a18033bf96774028ce46fe3a1c41102a16b32342af3d3e4aecbc49946f6677b43ba4f5fd94f3abc6365

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fe.json

MD5 7f9d9cdab026d95fd3284adf532e2315
SHA1 5403f9c7a8ca5fbfea80212456248c4fef800474
SHA256 bd77b000abbb946e77fe3f0850cc3ebc37b04fe0d326cc0ade00d01d6a3c6964
SHA512 c733a6cfea5f1b96ccefe7f4955d6f347099cfc965703a1e338377ddf973b1c75c7ce67a05966b1dcbb8148ad0de98d3d5b4c688ba0a8ba8444cdbff0f4f8083

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fd.json

MD5 6c248de1c9a3a4f80db699b2e0334baf
SHA1 8492fd0113557e1d106915e6f341e6361ae81fe5
SHA256 9dea6b7d295efb8fc7b6cadca1300dec66b767902a1cecc09c0bf2061d583236
SHA512 8ab713951327f5d046ef8a301e8c015e264d1da53932938dce7acf4be2476b7c05cb0fa007376f9760d155527af3fb9e5cb7fefa208824a6ffbb4cb7c6ddae72

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fc.json

MD5 d106b53a5ecb2e2c948b649d30b7abc8
SHA1 b8da4b38b28194034f65c1e0b1e598ea19cc9757
SHA256 59feff722f006a29234c2d60232f8c658332678c58f47a46c328f5e6c1e5b8f4
SHA512 20f15b6e90e64f6514324e9c796ff8622cdeb1881bcc1d85ffda0ccdb80813999be1f7c15886f1f0b818c9f1163a944bd0a7d837913501e871a5b97180af2a30

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fb.json

MD5 2fc95360eac87dce1a1e45683dff62c3
SHA1 314b47046abe7edd6a5cec405eefd14f1375f950
SHA256 f863e406ba35766c348026ebf8cc31b3d196eb34f82f2b46dd8f95ec29c3d9d1
SHA512 e7513f97c0acf5fa0683ebcdf64d0c4f09b84f9a693468d3ea58d7b22ab6218eca5372e50c618efe54e5637777da8a3929a8219846517f0ede418e17dffb6cd8

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f.json

MD5 80b427679e74a5a18e18c1add9d7b03e
SHA1 e63b222fae4dc53072b9080b6ee487155077fd76
SHA256 84f4390c03c46fd324ee2961caa437b72e231c40ee2bf9e8a55a33d8a69e36f1
SHA512 d8fcc78cbca0ba8d34143fc8fc5fa191f4b37cf9604c8c5dbc4214128778833edffcc8e704fe94223705020fb71bd08354c2dc98ea908b87bafbdd5a52d199f0

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3ff.json

MD5 e923b83a1b6583c7a6d8e0c3ddbd18f5
SHA1 77c8b568a14266dbfee28ebebf7a813926d94ae9
SHA256 a149f67ecaaa42766499f122a4d9dee813f4c7ffd2a72a76706b3e1d6017c8fd
SHA512 da813bb3bfe223fdc8177493af12004aa432e6d76a8c8f9c09c80aa8c4ccf48d5e2f6504601a1864c1cf32b2f5a35727ff6b745ea71bcdf90d05951d5b867ffb

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fe.json

MD5 d4cc4a0572eda6dd046ea1477bccbab8
SHA1 d40bef057a1afcd0d95ed3d3e70850a45c337de1
SHA256 b0fe802982c912b18a7bfe0ed8bd7813b0f7c95a1cddad3dc193fdc6123deadf
SHA512 0c279bc010f98e9e82fda9c5d4725295d5a413d1e1fe0d3daf9580856213d32f438a1b247d169d712f9348e41d86b014c33a683d3a6fc40f32d0c2f20b1324c8

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fc.json

MD5 48bf4da3d37e30ec5a1d97d856d7e05a
SHA1 4cd99bde6ac053849d928ddf3b7aa81965b80a8b
SHA256 62832db00d7a0e37f65ec3d487d3c3a28f72bff588bb3bbb3b99f89e0fa4017a
SHA512 6d5457b1af1ddabff895f601c152be1725fc70eccec9baf95fa4970a661b5699b3a85e31270a137dadf2378aa5b61c6f82caf1b3f7f8b5174080d328532f816b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fb.json

MD5 a326b81f55e448ced69b4976b70d8956
SHA1 80d44363c42c7ee47ba8b9a50aa33fa8b9099b3f
SHA256 6c646b347476c9ef767ad094d3a8970056acaef87b18b6012f59d33ba850c401
SHA512 0c9ecaba03f2597a9bda7adc7458e53236924ad43f8f786918d5c60bebf18c3113b35a353cf030e0efa6491182ba5f0e892b7e90215100f93947f0b77ecc906c

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d.json

MD5 2e94b3973a2da18283ff24cd370e5893
SHA1 65c5a5caf66f94489b61d8e092e61888184efa81
SHA256 bfd1e8c6015f0a369fa5b3cd9a1ce59cfaec94942c81c81d9783c45478cb70af
SHA512 c845954a0d937f756cc76646dde14d718a3dcdf9d678a91cd7b4ecfa9052512a20b6c18fd67b7621f3f4ecb1f85fdee5a6bd0e8091f43b569594c9acb38aa04c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomPluginAutoUpdateService64.dll

MD5 aaf99a0b0536c6dd34abd6ec8b7ffc3a
SHA1 257d1beafa45dba8611346d9005f9dcd1c475257
SHA256 d8b5c00266ea94d5c16d2c1078947491e0cbfe76f966ff1e7d0c0ea8137d2ae3
SHA512 4c962bcf640c5f3ce9d9c05d945f7442e7b477caf83892fcea0ab54ca2e6300d1055db2beefe40680119af56a2623566048f8dd508396fe2aa3187fe144b1a73

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAppUI.dll

MD5 2de076a5e0aa77f56fb5917499a01ab3
SHA1 7992a5898c756abacf18ff18c8fd21611c8d474f
SHA256 80ec80acaf280ced7edf6466ba58eac6d49fb595769ca8d9db1c821441bfa588
SHA512 5df710db986c37629cdf51d4b721c930998b9f9311e0f2405eddbad448f8c97b6f783537772c3f189ca9b801864a7a7b2818caadb725c53bd3dd8ffedfe71691

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAppRes.dll

MD5 3faa23731f0182b4fa3e73c570e05e60
SHA1 de28dee8d61917ae14737f69d48044a656bbc69d
SHA256 46f4cb8d4af819756103db9525f329f4f6e03a1584d4e66ad891d39bbe5ddd94
SHA512 c541154a66748ca004db5c4188c05efa6b8dec7cdb9ca18105d5349058b34e6532d8fbecc1d63314b2ea9845eab19c216ca24623a45bf0a9a327e554334542ab

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

MD5 a65efca4142dc93017339cc369fb299c
SHA1 4cf3cbe9e5032beb96369e7ad562f3115e19c1c5
SHA256 910e40cc9d6539302f99e310489bc93486b13843470c39c6f3cd73a481fab0c2
SHA512 54631b3e085ee0efbf3b5ffd6e57c36283ccf7c35cf07880006c4584344270ddaa45d31f6ec9b2540b122436c38bbadb447486fdf9f585321c4680204d390999

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm

MD5 2da32e501e9720b40d438ff7352a5573
SHA1 e59fdecd75b2c8cb4b26bb4a2b3c622dca8a2e3b
SHA256 5e7d1491e7d6969eb67646f87ab2dbf0ff1d1cb4f5cf631128a305e2b67d4a1b
SHA512 5da2c201bfd01fc1ef1724acb0f6fddd7be39f83b6fff5c80aef71c96f14d30c694da82b1c41183b2b9ab9ef99d45faa657c4f6a984f87a97aef08d9e824ccee

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

MD5 c6cac8552099da351e51a955a1cd7c64
SHA1 cc89c31e46fc7e62ede29dedeb3ee6eb2d6bf8b0
SHA256 59b1665b133db5a706ca78e6cfe67d128e8dff55513b1b7988900cd9caa8121f
SHA512 bff24f81a3b7c8d38aa13028e012fb3edbdc4d8fac0f059f6d62af56553a835394d6e1730db5058ff6fc2fc6f5b5afdb38685baa2a5f0a424f470860ac151b78

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\sipphone_audioctrl.dll

MD5 fb0929781df9ac56790a2692f6160e70
SHA1 34e20ba6808aabc2eba21d4432c66523ca5f3d27
SHA256 3cb17d4880a8634c238a7e975a89e8e78bcf95f1e365a36e2ba5534177b52e7a
SHA512 67ea32a1deb988130beb1c420275134f1397f913b62fd1e550698b98d51a0282f501933aa1b36a0038a546254ff51b885c7f2507fa9282f3fe2d631f51c24c9b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

MD5 f86cd3389bfaa7ce221533a33f7c33b3
SHA1 4645861381b38e73ff6859c833ca8264d3cf5eea
SHA256 a50bdfed166bf61e49512bbb5dbc672e14e8aa6ea0a4ffe44ddd78bfa4fb3bd5
SHA512 100b52ce1552cedaf8769e6c7a574a7ba92ef13b1efa61818505f167c26795b8d22e4df92ebab860be9e0feeae3463dd0f70f80758039b02b47184707dc747c9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

MD5 4070548ac56045d518cd66fdd6ece010
SHA1 7ee897667c37ebcde5c0f0b89fa51ea49412b552
SHA256 02b34283baf7ae6dc420247f8609a3ff4f0d4acb4715c2731332eba6059625ab
SHA512 79a748dd8d262abff6b601c1ed02ff8b7d773153c3f35b4ccfaab62e48aa67d627636472ac8c9685201372cc129599a038b396a964eb536b958c700482d3d388

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\double_beep.pcm

MD5 876e92eaa1e4ad2e72a6e602b4eaa7bc
SHA1 2b2008c1f1f9b18037e4c3a7931cc5315e779904
SHA256 3899566d9a2d7bf12a2122fc59a4279d9018a40aa18c946ae85ca2132a28b61e
SHA512 116db9da873a1dabcc30f5ae938164301c39ff5cdb3a5f7dbe9f1c83ee04dd078df1640cf3f86cac0eef46f5bf917305405401ea55ee23409a1958b47ccfa1c4

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Vibraphone.pcm

MD5 e750b985789477ea310fc23485c38b3a
SHA1 34c1c7fe44d97ecaad0e3ca2225039d3025980ce
SHA256 ef3fdbc6e2b647f9d061468672bdde08acff5a59df08f91e7dd3155ed6bb0ed1
SHA512 9769393ce2880558c30164a979d6197908bcee99d6d0643b68e05847b078c2a1b02b29399b949d424d3dc40952b759cf95a7a523575f2d1218f081be02bfd0ca

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Ukulele G.pcm

MD5 545e0e3c3e15874ff10658fce9c62ecc
SHA1 c74c1d56225e6d756608de57370d41b4b0c14263
SHA256 740f457ee95b637c9588d8f09a6185a8a0acdc69f3214fda1ad7a397bb79f26c
SHA512 904f80176377c101147c76a0c295fe3a7649f5a9d6c3a35cb41e5661b1ccd32912fc6c5385dacb23d04850a5397e897ddc358714314e3519f1e0d7dbce42ea1a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Reed Organ.pcm

MD5 cbda54e1b4c3c746b7bf439bf3d1d6d2
SHA1 8d555ad3110ba2c2257cc18562bfa5a453ac03d4
SHA256 c3279bfbdbf53f32876ca34a213b102c64b6e0380ce5897400bca6e178267c33
SHA512 188d6700b93f21f776fdc4c2c6a2d41a82c52e5ec2525e7343d27aeb2badab3827c96889665766546b14d38ad3a6e575491c7f4d2e9d5c5c3a4c496e47b40f6a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Pizzicato Strings.pcm

MD5 67611d47f3dbc795cf0caf909a0070e5
SHA1 880a42bf2f926ad1a7e23b41610f5d0121409643
SHA256 c724b4ac93f02474f6b0b1849b875d4576846e7969d56c4519b0c8e77b8e14f0
SHA512 e385dbb975bca126b6fdd388e94dd12ed1cc95e860f68c1d1dfd073ee0d065cd8ea7671b7ce9e15779d329fd70a4d4278b5615abfb63cd4f9813d674cca6c754

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Gamelan.pcm

MD5 e06c92d35ca7fd525fc7ea6e59929ec5
SHA1 ff19d13920cace68b559901911472a2ede6de2d1
SHA256 419db5735387e7876b1ae925f0ae8bc470f1ce3ecb2cff56788d0aeed07ab292
SHA512 f89283246852086e8b172a5b2f5cb617f2ba90526c729377ed62a21b15a6a5c0e31c5fb9b9dac12c0c04bd807eca1f3670d571c547dec71728460b844e201f98

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\G Step.pcm

MD5 41c9816899c367b3663c50f7d6c698c6
SHA1 c59007efcba1c379bf34cc875a07477648c002de
SHA256 26210fbac5a314609cfd04b77f91a91127695bc1eaa02074c57079cd8acc28e1
SHA512 ff1d7daecd31c5d38239bca5589e7a08f22eefd112f16e7a01278355532f45cb4e0cd983a5e5e72d7d3fe41895c6f813dd7254eee981f7073aa419c23146123b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\G Arpeggio.pcm

MD5 6771499ee6ba11e659d8ad19981fe97d
SHA1 0f4ba3f4017575737669adcceada47cddb1f92c1
SHA256 7e24bd3ed8f03b5a0c09a6e6364915bddd4bf48bce64b9fa9ff3229e07f3e8a1
SHA512 049861d52bd58e2b45d182358fc0db5986e27390a85cb74d6c7f7b28146bfe679577dca02b3680a10c9a92e56c2ce6d61e1e13987d8cddd00a2772e6de5cc9ab

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\ringtone.xml

MD5 2a098d45a19527f62c29f3a90496240f
SHA1 a2b8c01ff514d443dd5c5634c3591b2655932179
SHA256 81ffa6db5798cc0114512a43c3111a8a73a57fa243d23c758c4c18f0c975a141
SHA512 bf18c491e57a3317192cdd0ba1a5680354a7eac146fe9b75bfbf6a97cb77c72e77db92b96843c9d5a4389931bd1bc891f404adb3a1914cb927719e828538e32a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\localization.xml

MD5 906d15d9bb44a0047a604798bf9129c5
SHA1 0f328b45419e20f067b4e11ad8eee4797abfc2c0
SHA256 cb6fb1c7b3d5bf61c174e2c472255336e1e0fecc4428aa4cc0bb32bf49c20b61
SHA512 3d00e8f9d365a673875f02295996ae973fb5400089100daef93b531832be56684a761f56be32102750e88e66a12d4cc79d0ca299284a9e66f8f12d183ad085d9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\LibphoneWrapper.dll

MD5 fd7d63aba89056b47e19f6dee6f0638b
SHA1 3bbb7b97127992466faf4893a97ee6e88d8dd15a
SHA256 70e3b95b88ca5bbf797e7ab7c279a97d9db6e3751ef7bc16703b6b04708f7942
SHA512 e36454f539326c80186e4cabf4631cc74e4c9119a5245fc97a57fae7b4d69f9b5149521f1a9bd0f6f4afae6750de79b118dc5d32f87fd47bcadd4f7bc537c6b5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\sipphone_util.dll

MD5 2d69a9a41d5310abe8f622f91a79a615
SHA1 2902b08792b9843ba54e7431a9f4719d1c03369b
SHA256 7b941edd752f1ad9aa808ec6150ac8f84a7095293c298b689a8f73885d45995c
SHA512 31a75ffc8e29bf2816de5ded39f1a06c68bd33aca637e4f146ebbb62d4a13efc1907b9db5c302dcf7aa1795ed91695809b577cc55fdde6ad33340e32830607ca

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viperex.dll

MD5 fab0bd2925e2aacab2a472aac9ae3e5f
SHA1 a9f7eda544262df6b2007e7e5b1f8deb87253589
SHA256 47dd7f6ba80f4ead72208de87232407d5714acfa43939e5c80f243642c330348
SHA512 c5d60190137f96b3b41adbaf1a03663902549b7137a14d01bcb34dc6a182c842b83dae294e598c5ea361a986f0d38edea994fb9c914dfc7616cc5f1328fdcfc5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

MD5 e9e69aa8b9c4822cbf56e98021729179
SHA1 49947ad3622b8d236b076edfd8a488b2f4783721
SHA256 67c33ed703be5a58246c4e160f491b6b9880917b2435678cef51a4a81bd3e54e
SHA512 3c817f89160a72bda15a3da29101f1b6a00fcb63609f9e43179295c3246ac26729c3a93a2a066e869cda20ffb722630dd2e3f14fc3007287bddd6b3061f0fe1b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\swresample_zm-4.dll

MD5 2fa420ffa543a5503b00300b912d3e3a
SHA1 b33516a35ba79a346868660d26a4535c3d3a3d9f
SHA256 cfa6313e8bf329ce215ca879d63204526af62cc263d5e8ec1e9e9b9a4dc1156d
SHA512 56db6f890e672cbd9892634126a545f27d3cf8db138256928ac38de9787f8150576ff1f6bb70c4fbd846d7ff13fa259ac21412b0f9ee14cf36cab9ad4f3132b0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mDNSResponder.dll

MD5 396a394210497a659caab0cbd1851c7a
SHA1 e9d8b89bfc2e892a0caaba03f8de552060be6d89
SHA256 1e7897eb9bdf2f5d6255a9d317b7741fc41acf0e0639bf89c3fe25458e51612b
SHA512 ea824a03f4c12a8df1d1cef2818faf1532d37a048cec53d301d66f60956829f8f1d52c732d23bc001f505b908d6eb3f06a364cd449cfc3b226f88d908be6c0ff

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mdnsclient.dll

MD5 419dc357026919541f06eebe3156c9db
SHA1 4f4846af1913ba47e3d1d5ecefb889b346d166a7
SHA256 8170579f8b3f156f9f612f53c898fd750723a3640fa5b8a8b0a1f0c4425a44c9
SHA512 bbff6dc3017b1c8e92f5b7fc6b99a8c68726b6602e69e4233ce9e004a84c407302591ebbb97bf4f6333c0ce510e8388d96478633b6bd532f43bf3ee7dfc211ec

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\swscale_zm-6.dll

MD5 553fb5350e5d01628cf0c85f1f70c775
SHA1 acd2bf8c7d35f31533cfda008c4fdd0eaaa40370
SHA256 bd60f2b0a0d83052a28ec65210bd1cc85d912d45e1897de8d1934b2248b071b1
SHA512 95e1a4f53ec6087b4f6a7184ea07bd54f8164458cdb19126020232a81491f9518b18cffc0e9059f3696e6d452b2999a21e954db165c8b80f10c955e1a08e3f30

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

MD5 5aa09dbc394174553ea2d11a7e1b56e8
SHA1 58dbd9e86a31f294fa6e28d5031c3977d4d18a8e
SHA256 c6a1ae89ce865d09fc6380bee77594a6de1f946d6265f455424e28d51e73acbb
SHA512 2622fe0d414a7512644775790616df6b9a33ab64149fe0f3f50aefcf05be39b75593802bd27ef3475d0d5d52f8ba78c822ab4ca6a746f5e2b37d5932b954cae5

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm

MD5 aa93ab138ec89cf7cfb8b4b0ea8990a6
SHA1 d13b139d666c76cb12e1c0280c1343770adc8aac
SHA256 d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509
SHA512 f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6fff7414b0c15cbc0281ae5d26ecc147
SHA1 8a4482051b2c01938672da2750b78a88b639061b
SHA256 33ea8e6cd60ef6c429b2a2312bec13d377d2a901ce641fd6f3b7472b569cc721
SHA512 0b4631d7cc85471498eb94c8a4935cd3dedd1af9abf44fb218023849ff3fc18c7d1fa734268c2121c56c80ef495c25e50b1ee3d759a4c11394eb327cc1263a3c

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm

MD5 c32f95839557340b4b4197a68847ca1d
SHA1 0feed637c4766b9b30ab6732259670f8c12c5538
SHA256 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08
SHA512 f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll

MD5 65f90013f9bd61560b21e2b1507cd24a
SHA1 b695ca29039e8dc9de86b38accd4a82369e0d013
SHA256 155d5ddfc6897768bb682d5e3a43dc0870a5cf06b2e2cbf09f48f2d3b9eb3266
SHA512 70a6f348849b94c34fb5d2df96957bb1a03728280b3f8516617480a9dccf1be0f2a2eb67f0833d2f059c0a07aa4c6a22ad968c89d79845cb481ea63d2068c12a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

MD5 3f18a0a965f0f9782d57de0dad7df255
SHA1 f55ca76d577e6969460fdac76d5eb4f93e3c766f
SHA256 bbaa0984898a0cf85339394a2792c07f522530a4c700292276db8218cd5fdd5b
SHA512 1eac605c0584f1f8483b37211338a5d55cc14d52ff221a3ed71473877e3d3a84d1ece820a8a04a091ba631ea35dc66dec4298da8c31d97ac95c64a319baa87d4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

MD5 4e6832dd1f1018253ef9248a8086c827
SHA1 67b095c53bea012a101427de8fa255eeb0ee407b
SHA256 843152f525b4ecc1482d7cfc175d45ff45d699ce613ae82716637dc5f95fec87
SHA512 7a037132a5efd7a0e24b6ab8b48d9aa048791bcc78baf12edd59402b470b36c107fbbcc7829e5f63004c2a3f68e48bf216b733ef6981d5b2f256ba666fb236d9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll

MD5 ae82f30d64799f5b89202307dcb1d8d4
SHA1 f4f18d0ad25dc9742f267b6eae852f4b03ba2d62
SHA256 18bab902301db6282b8a18cb664a3dae906e665689932f3f5f09fda653b3ab16
SHA512 b48bc5061ee0ba0ef44c2a91be96cce865088224d65f565d8ec904357c6bb5a180ce29e9182290fb4f0e3e81ece714dccbced67243604af280796de6a9b91949

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

MD5 85be304c2b283841e1c8897fab37d7e1
SHA1 4cbd6bbc3efb7dc223a6555ff2d55a8a6471194f
SHA256 dd53361a0259224f11dd0284e0d8b1c430574ea20e2bf99b3340a3f633d02299
SHA512 2bb60987a3757290b8596f6a92486919a2b5edbc6f22c8d903098066ca6ff49bcf5ff281d6b25d28c6248787b47fa54f2c298b524ddb6cfaf859749b33d702ec

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe

MD5 5278a1511092dd6d33c0afc7405c3c42
SHA1 e1040be7faf31cf721c08bf058284d5d8eae57f8
SHA256 5dffcc2ce847f695c7f02ef78463dc88cf0305a56b2dc93fa32add409c878e02
SHA512 fa0ff190bc0bb75f18617fcdf7c911fd5397092e16abce796f7457f737b9874ff569cac954be318ce0255d3646a0e5854dd09dfebfeb62aa7f0dc0a74064c9b7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

MD5 406e5a0dfaa38f1bb4e7ea81b8e1c74e
SHA1 8432b3d713a536e60b45d5e69aa63f3d4de6bc9b
SHA256 eeedd3720c05b485ad8eb02827321b363245524e0c5ee0fbbc8c736f43d8cb55
SHA512 3caf3da81185ffcc2feba3a763b7b2315a2f474c45c98d3af67e23c62a4caf1693d4254d44f7e6111be09155b81d068cc41395017288eff36764af4347fee0ec

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

MD5 ee45838dea21b24b00951a2b05174e33
SHA1 0964a45771a21a1e622ced319bbd63d701e6a2af
SHA256 8c42084bc1d567461e81f21150b7feabced5f2bc171a99998145ad05ee625699
SHA512 7a417a89bd2b6465df590470b726c13e81e4959fb16960dc57d5208433087d5b13f150c2af5765c5039ec6ea81f53dd6de31de8e6d4474b251f8c8ba8ed34c38

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 b980f508ce1f39048fe12f5c1715b4f6
SHA1 164eba4628eccb0aeffb11539d17d28f98cc36a1
SHA256 256961db0908b7bfa35edf7f40612a72b44359b336dd0bb31c5f387036458f09
SHA512 494f5c9e87977c05f5ea95e4282ce61d0321f2b639fe3471747568d28f9526341045a4c146260c8aabc670b282bbb182cb6912280973f5505e54c90ebc918e6a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

MD5 70a68fbccd37f8fd35cbcbaa05275411
SHA1 4826be810734721e8a36e862345693537d7bde15
SHA256 1f618d72b5260901e9c8fa748c7da12138d79a0659fea9647efea57ae4cf02a0
SHA512 270089f305e36cd724939e1b4a56dd7511af6189888aa047ad22aff6053d8331d788f7d588f6817cc2c68f170ab6050ce55f21f1b213d99d12799d9902c77aa8

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatHuddleViewRes.dll

MD5 7905bca84d9571702d1c6f988c145f93
SHA1 888cd904c4173dab23b82c2a307565c09a1947ab
SHA256 6c07e0f461a8e8cb00430a40b4aa258d36af4e5e8e80c2b6d172834922e86145
SHA512 f7047d8b2684825b5084a9441638e7e4d4b8002a3492fcc3b977044d4438d2344071d2f9561a2e2bfc1a25764fa4b8cde1d0d6fa879b010f07b963f65cdc10ec

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

MD5 c2b5dc991b41e1e3b5b1f6bd856023c0
SHA1 d5cd38f393283572dda490d03fc768a17ff9d970
SHA256 8b53bd4d708229601be04cbd6e15e78053a87b9af05a00d0acd8846ca0061361
SHA512 872487618586ffc640c03bb57af8a888195b177bc0fcd9a5947a460f5cc84e9470ad8b11675bc2b4e8fa65b68206c8c7bd22fc44b42f5d3cb0fc97cfc3d50993

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm

MD5 0001fecb6b6e044d221fbc6a7e22e313
SHA1 c73a6506c92d9a1188aaa793afbfc1951cd5340a
SHA256 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f
SHA512 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm

MD5 ab8a5f2981e225d3edaacb520083835a
SHA1 c60c383fdb6850cb5013065576de87610270fba7
SHA256 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4
SHA512 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm

MD5 8fe86d9e8aa5c709bb0563243172e580
SHA1 c22bb02d82516a66f8473dbb4209bf22bb60fa14
SHA256 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2
SHA512 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm

MD5 54511224e61e71d2915ff67e57dcb268
SHA1 ba45f16f12d2e29480952367c0c6bd34fcd16827
SHA256 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7
SHA512 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ring.pcm

MD5 15f886cbaee088418b6ffcc29115c64d
SHA1 9147beae4e9138ba609f67e75f9cbea7651ca307
SHA256 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc
SHA512 e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

MD5 9b1eb56f2975ab0ae5d792d4b9a4a4db
SHA1 c12e069dbbca39b5896763d7803760178f376d31
SHA256 31ec443acf956e17d24b81734edeb61494720e20a8ec97135f8992297049a88f
SHA512 7a1a9ac62482db1c175e01374326653214eca7adb7a80cb492cf936941d4ad84129545b057432a561bd4c9748da282a34e3257a347d49c8c39c4af5662143302

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll

MD5 e360a63c2437a2dc0b538e8860157ca1
SHA1 c096eae3c5d11ebaa9e054ba8844c082a2abe334
SHA256 1629591f537ce5b3f1365c9ce60b6f03901e4ee2634c1dc7fb4c509138eeac39
SHA512 f47b61d10f3f43ccea15d5c48d1307e1d75b6f48404e68e0bc30b7f3eeeef906e9ef2fc05c28e3ae6fd3bf131553428de5e727e20a38ae334f945ecf2bd6b030

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini

MD5 fcf61aed8f093bfcf571cdd8f8162a05
SHA1 8de8177798aae82d5bcc0870c1ca5365f5d9966d
SHA256 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb
SHA512 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

MD5 cd6989970b9ab3583be5cbb54c76a639
SHA1 0d75cb74d321702f4b1e5049a51b22f3b671627a
SHA256 25d48eb9f8f2a413d31766f861b755c4900a588e7ca02761b1be5482036f73eb
SHA512 590f8f6ca33609c3a1b266d29a9caa32a1380e9cc8cf897547a06c173a721921c45a0f3965955079125befd69e602958b8115ffecd5cea32dde055b928bcb29a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

MD5 955980f1e37f5765dca57c71d08f7a39
SHA1 c9ee031c090cbcfe9ce3580c2a0bc6067b4b143a
SHA256 1834c28e1e9d8dd9ef65c1d3f414f8a0f8392aee1395e55a72f1292cfaa6fa69
SHA512 b43633a05a70c2c7a229472ed353513b1dca9a4d7f43874889d35396bbc96b28c9e7485b53ca08ee00e6dd8317295d46eeb533d44ca40ff57a17f6f177b4b0d9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll

MD5 2a88723296205e24f7244db2cf171bf0
SHA1 8c571cc87c59250f0b2338c0a6780b2de57aad02
SHA256 513cb10a432f7432d2437ad1967f3c4e502173f4c30b91cdf4633e167265af4d
SHA512 99e16069d28cd06866399fcb27503d311460020243f43e97351b8bbdd0b759284d2d30e3fc4725b3495dfe0170346a58dd7f058c8a8fa2e38727e998444cc579

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 b097e273fc04d92b641390dea498415c
SHA1 e1b4b3fd29f5dea25e501cc7f4d685a78e1ef6bd
SHA256 aefde5002ed137930ef130f84537f5472c58ac63040d71ba818bb4df5a46abec
SHA512 59b94f8ef560258bff8730fec5f32876f8c84d87379d3823559f666fed9bc7f9c91ef99d14e4ac8b22fe4c2090f66054d0ecfd8885605409b0705a017643be83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\368a1d7e80886d4abf7545048feef103412df065\7e085300-5b31-4ff6-af8f-9aa4744602ea\index-dir\the-real-index

MD5 4e60bf6dbc87a79efb88932cd895f692
SHA1 a970037e7a5e8284766d4b78dae0c119834d32d9
SHA256 0dab7a7983af5ddf70f3d925190b04ea9f5ede93c9e48d706c7e0ba3c691fb0d
SHA512 24352113b655f10d6bbf1d087b0aba0ae8594725ddf8710c379f1d304cac264740fb721b1eb81a3f4f0be479149955922d4a6fd45bda10dd72afe224a3248ce6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\368a1d7e80886d4abf7545048feef103412df065\index.txt

MD5 75ee8770688a74ef1da1cca18e640b52
SHA1 d550d8438e4d3a17d9d05755342c284bd09c8be5
SHA256 876887a5e874a5f4872f03c9aede15255d865dc2f8c64107491ebbc245a6aa97
SHA512 3b29d2f30b6e43b19ffa8c5255843ba5a24a46a0228202d200917f1893df4685d62962f773b6e552986a021e137b7ff3e0c68d1d7a35e1514a800a280cbad96a

C:\Users\Admin\AppData\Roaming\Zoom\data\WaitingRoom\183063DE-B1AA-44E7-9E93-4A112CD9E27D_default_image.zmdownload

MD5 1246787460bfe5afbf98e4c05097928a
SHA1 d5bf25169fbf011857b4efbc88c2d0341c9bc319
SHA256 fdcba7b55ae06013a46aed9dbe4e5f6e59fcc6384348d085735887ab6987bb09
SHA512 f471096c9014b32552f3044ceeab284593a4497b090834ee860d513ca663e1990bd4a30e3b2022aed68d6d218b934078ee295f96cfb30abdb774a177781a62eb

C:\Users\Admin\AppData\Roaming\Zoom\data\PresenterLayoutWallpaper_Thumb\{E9463219-5734-475C-8376-3F1C7A4CBEBB}.zmdownload

MD5 c1b6aec6f4f340720693487476a6ae8d
SHA1 74f831d1b72b1e920719f529814a6bd5a3911261
SHA256 6c3eb8560a559cb7b35f17db34a1dbed4dadac66bc2a40aba40cfdeba4b84ba7
SHA512 22038feb44c4efb999db949ba3b43ecd36e4980a47825f182dbc9fc456e38f970d796df0cda6735d270ab578739109c2d018cca9bcbe507b0778fc63fca0ff87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 923b3bb5c82e9baeaee62b9c27586ecd
SHA1 0b154886e6c39aeb36773e67bf4771c102e562ab
SHA256 149b8b5a5f61893bde1dd687281d773bff95e2b8ac1402425da2f657ea0eb136
SHA512 2695db1fb6d352388955ca50d8a876bc5391b7c8b8f401716db56713d5146b7cc089f9a08d14db69b8fd2efeff46e9a0931088f7ab87a129e3abc651234ab107

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ca

MD5 7950fe92d2ced9007c2c8fc77961113b
SHA1 8e4d8e427229fda62cae84eb87e182e7c767442e
SHA256 da981fe4acfc08764ac86ceb9f4d1f7efee00875e39bd387e3c270c347fa04da
SHA512 2e542428c2e4ad6783ca7d6e1e0c5de3567998543f08d7841c4e6a3184d6c8238fabaae1811a725102ce1406b6cef22497e95114f8450bc158940c0a9c9cd5d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c4fe1e1a83cc5d0821dff1a9db2302c
SHA1 0c63d9e6618e0ea20151771f1577c0efc9add40b
SHA256 814b8335299079586f84b20adbf869636d01a15145b490d71bbca8d54f302807
SHA512 c52ca05dc18e658428856db804b2388724caa947c22a70bc55fb581c706066618a7a73532ee992dc66a3ce6245e2bf59cb725bcc9bd17bd8f471d3f8ccdfaa48

C:\Users\Admin\AppData\Roaming\Zoom\data\emojione_low_20231020.zip

MD5 c0af830c35c5e4aad4f7ddbfa0450d23
SHA1 ad461a5c315efc4d75b875708ca1699413faefb0
SHA256 7a10b46eff3926bb0492d7441ac8a2959be8e33ee043328cccd0afff831c0421
SHA512 400824cf7424be40a387563d4bdc4fb834887c60722f1a8f9fdb463b8811fee501a2bbb3d94b6b180288cfc7ee128e1a1dd3a65bbf17c62c27d6983fc4ca3a05

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f2-1f1eb.svg

MD5 f8d3c0bef471e7640b5849b87ba7d56f
SHA1 eacf345d95892bae61555e6c5bc81bcea26028ac
SHA256 5b27690c0d0ff60589cd44639e0ccadc35c8c0a77353034b5090d46bab89f23a
SHA512 472ccfa74c68d29ddd92bad21212468cd916d4655c2cc45d9738453f5fe3b3a160d5c0a6662c85e1b5ec7f63ed8fa73806cd62c3a996e8d9b9ba4490e58c3237

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f8-1f1ef.svg

MD5 f7fe36fc9582b6f1aec06c3c73db814a
SHA1 a6e0588f908d6c90dc3e1139e84f10e82614378e
SHA256 60b79284599504b50170ba506dc0198a4b058711058050ecdb1c0c2c617e463e
SHA512 759bd57e7aec253f22e45bbb78ace2666b256e1b0593231ee5a124ab1bfadac1e29fc080e0f83c28c3dc3b449ef2a432c7ab3ae2e567f3763497c1a3f0372475

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6d5520042c90741cf91eaef6d0b89575
SHA1 44bcb01a3c6cd6a6ceebb2bf188613ad999ad3ec
SHA256 d7c4b7464c1796f4cce729e2a78ad0b7d62235f844fcd6577678dd3c94d30f6a
SHA512 2b2762e4cbb2ebefd334ebda7746161d88c4104447da8c3c4df1634dd72bc924d527cd07eac5cac0aa850005b19e43eb4a46ca4b37de86dc0065efdef1823f0c

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c2-1f3fd.svg

MD5 78a1987b430e7ed93a0b5e24d775bfbf
SHA1 25713b0457877a92d59a0163c3b49b26a31e8aa3
SHA256 48d68ebb5e24b6a03f8d3de6f219178c78ea5c7075bb00f7cb2909623d38a735
SHA512 cbd0eece4f6522288f3670c203f5112dde50aae0fce683867a47e8c3d3544c9408b206f84bb123a71a28e15ea3bc936551943baf3742f311eeb3f4887ca4e6d1

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c7-1f3fd.svg

MD5 2f2d75ad4844b043de6a9466b2243049
SHA1 7d3c79667a3bbf8a1dc6716bebc54a4d1ad8e584
SHA256 f2a20336a2ff3706b8ad123e0c2d053d4c6cc77a8c9879d9ead1cc1aadc563b6
SHA512 1397d5750a7845df9a3e0bc385d518db16beec705684a5905dfcb282ed6a7515ff8dcfc278bb13553f469fa7ad2428aad572974fbfbedf06e2011ce8132d4601

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f52c.svg

MD5 a60e9a7b24ce9ab6d0c0957d7d6a65d9
SHA1 9b871da8744c9a798ea4253c51c94a18a77d8aa3
SHA256 f0ed131631098d4105d7876796827037da16b711688b6fe488451e8dd4013d20
SHA512 8ae4d41e5073fdb0fd4104706225b7e734de9d354cf21ee51fb47618bc4215c5ddf0d51c28d5a8279e8c83fd3276cac9ffba6e14950b245e153cad287d256e0b

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f91d-1f468-1f3ff.svg

MD5 735c34515def34f27a7154fed455ea2e
SHA1 7b01c41ad4f90adcb16aa88f5a14d78b8c1f83e3
SHA256 59fae5454e5926bbce5b7c4124021a57b3a02872e2f701bbea9120195fd92e83
SHA512 a5c4986f9d13c3eca29f1bc336767c7f71d675d08170e20871652290d69740810de0200a5fb1b2b2df448eb3e33b88b5e4be033b23de814c80208d1d0cf3fc1a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f692.svg

MD5 6ab9ba64e70c4531b2bf14a0f4a9b9ee
SHA1 b03115c46dfdda9e3e3e2df99e010e0445e114f0
SHA256 b83e0855f895f68b6526d6a5d4625dd58541c7ce45362fef749c076342c8ee23
SHA512 fb6bb47fdcb13f493b73cb228179af72ad414231532e7c53206710d10a66bb417500acadf6211cbebf604df04bb88877c8808b2c06730db63ad01e2107784c4d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f9bd.svg

MD5 fc7781dbb545d1ed0e0cf7e0fea1e792
SHA1 6659d41a8053f815157715a71e5ee866272c3e4f
SHA256 7c3b276d2abca816fd4e1b9b8d95fc34996fda262a75622ba0d8ff6f7de0e0f9
SHA512 3d96d7596d3b856a0069eb47254bd6ee8bbf8689052cb74290a79b622b69988fd4471ac7cd29a335172697be95cdb67114268ca0240a00661c1de300793df107

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f680.svg

MD5 7e3467e8140070dbb54f3c730f8c3b5e
SHA1 1d1cb357a9fc85335504cdc1c2629a18fa6113e2
SHA256 d6a92323fa70b50cb0c0afd30fa9fe5ad6c6a6d698b0dc4350bcbc5ab2c7c031
SHA512 29c2a1f28821d97391293f01453f5d96e4c2fd41748b01aaabe56f18a1434aa20aa40ead38d39ad1c09ff7c6d708fad9f773b8f43f3c11b7ba5dec050dbda80b

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fc.svg

MD5 9b40204af1b6a28bb88fc7ffd2ea57f7
SHA1 824ee4ba5ef1bd86373f3cf52d5d6bc89ffe6ba1
SHA256 c144c5d554397a26731f32a9e549cdf334fbc41de2596e084bc65f849beaa4e0
SHA512 ca5f8ac7bbaa90680cc1522a3fd4f0ef633cb020c5cdc212f5128a2ca09f2bff43d32c36c1fc6452aac81d0363f2d51180a16488b7b094662d7e757524e5e292

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fb.svg

MD5 73b97ad95a8461f3f26fd08e18696aa4
SHA1 a2e4a2f24028cf64e44603a4812d498550d3781a
SHA256 d3b32453dd78d825ff4b5d87a120513a7b9bc5c81c4a35d5179aa3c06fe26b5b
SHA512 c539292ac33bed2769090aba2139f6cc809c1be752dc63590f4061698faf23a13928eda3aa1885e21897e9e5042ba09dba51d29d43884495c44af0eab56ff47f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fe.svg

MD5 ef29f154a48c86d08cbdbab7572b3880
SHA1 979867f22c49ff27a7aa104b3d96fe4f2dcb1a06
SHA256 a95e0f316041c2dd52c554ab832b0f1103c720fb19512ec28e8a8347626137eb
SHA512 5d4b51221019317b30657474b684723fb4562b8b63fa886f4b88bae07fe97e7b8391c54658badb019ac7c630eee606988cfdae6d100d5a5cb20ac47eac0f1d20

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fd.svg

MD5 0efa0e226b7360feca7568589b016d91
SHA1 674b86f0672f480ed7475d13589502a0baf2ecd0
SHA256 4b8f977152adb5b7d55df1942ee6c7964413e51dd6a3d66ad25b6e661f05d02e
SHA512 148aec3dc5c273aa7dbd92f1310024621d39bcd39f72020f300bfd857f6652e292ab12219af2201ef23d0f025633944014b79666ff8f72a505e003dd6c05f741

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fb-2764-1f469-1f3fd.svg

MD5 d606bb69825d52fa232142bbdb7f985b
SHA1 1ded24b62be062b9f1c8a5cfa9c848d32339d7cf
SHA256 8668216cc468d471d6e8b094bf1e9cac324d16adc16813529f7fc3b94b84fab7
SHA512 487428414fc0e809660aefdb351da080884fe5061dfb26c692716daabb56e9dd4274ec4ac239094ff847d0393334aad93769eaaa39b66435376b2178667b5bd8

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fc-2764-1f469-1f3fd.svg

MD5 11c10dff05c7f85872f5271ec9736b83
SHA1 ab621f1e66514bb91674b94b643d0ba020428178
SHA256 5f65cf830f17a777ef12a3389030b8b9681165e46e9e3b78917427297839fad5
SHA512 9bba1235cc734c40cb34f3014b28b9b2ebd38e6000d4d624b4220d5358b12f69028217de7db06eeb320a33abcea09bdf9a63bff228c603b2f24df0fa54b9bafa

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fd-2764-1f469-1f3fd.svg

MD5 2272ac79c299d048406d97dff71d8d36
SHA1 5d49db7362686cd9d04fa8a86b19674832121302
SHA256 9527f0b04ccf0c6633b1644e6d0c0fe24d730f58cbff1d4f8f51e71611341454
SHA512 03ab7e85946062d3a7e6f36fc80836f67a13acfc691fe31e801adf5ef903b296e78456bf03df18861be1254f2265ee283509920748e520d587e142226e19e4f0

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fd-1f680.svg

MD5 8ee07bcac94dcf71e0279de998389346
SHA1 817c77b801ca926485663bf7ae600ba162a9eb4d
SHA256 a978d221a399f35ce822a17831140bd52f99b4927b9f10937f4326454a5dd931
SHA512 685908420f4e154a10baac33d1515f8baa6d4fdb22d815369e9fcd30b892a961db0fa21c3eb0e138ace0ca61b519f1771c8aca323b565a2668a988f84cb0003d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3ff.svg

MD5 6afb2712780f4552488392ac6ca95d1b
SHA1 67923ba2ceb5f4621c34e2f460bfa95daf1f6109
SHA256 cd59ba9c3aaf161a12fa5e863a638f4afe59df3def11eebb7838c1339de3e7b3
SHA512 60f40df51776dacfffea813c4e64797944e49f3f1a46caec3ce39bf07b222d3feb1fd903901b86be130c54fedf028f876eb17d7990acc1a4967a86de0d0f5930

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3ff.svg

MD5 50f60f979f5b8918df58d0501b4d7487
SHA1 42a84fec6a296f3b413b7a744ed3e6992f7fa2e3
SHA256 b23f3ccb4901679eecd5bf5e9ea5e029b0321a514bba5551aa1afc483f5cf00c
SHA512 f1733430b43924ea1e5ae5646d79c5bd79eb3602f10e45a44168024e65d6c5f7b28eb195799a8f26a8d495025bc73e3cf277109165e3800577cf8c72a8f6ec74

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fe.svg

MD5 404086eba8b7cc4b8b5b44ec9df3e07b
SHA1 481668caf334af1c4a470cb286047d9d062c3eaf
SHA256 1cfa0c95515f597fe85227dbfc88694acc32bbb14f95149afd8f4f164e6deae6
SHA512 09620638e04eadd7271584acce100b833df9bad0f6cd0cdff256516a314e79ee96f1c4738a98a3b418b391eac70c0337e9b3d471183a2a4c9f2802d25aa3f8bb

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fd.svg

MD5 522586e57b24029cf40f2510c81f2189
SHA1 f379229ed47ce65912c915171bfd0ddcd4ba1b86
SHA256 c4609758c8ceffd10011777b56634e63899ebfd6fb67030d57520ef46c2b057c
SHA512 dc359b1ff7e28b491766782edfca51c8e7282d328788ba3c437a88881996dfa7ef084a08c958b4d2f38745ac4f334e850645ff7e42d0c131a4c75a1ebc8ea639

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fc.svg

MD5 a3f59b88beb651c150e7de7768709d9f
SHA1 2d0cff322641da70d78183a82422fac199a67797
SHA256 890bfb6808ebbe175580456aecb93e32c9420802b2f5621cdd17fc48acf6c343
SHA512 c447f6b989f4288c2542d76357daeae726cd218af17487482bccc24f532a4f8378d85881fd429165728d7f352bb4042d31090e5b2f93d5174c23cea6e0dc41a1

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fe.svg

MD5 d2fdf8b5cb9c5971ac4065cb15654ff9
SHA1 755f6d74cd650f3b5e7f5c409780fd251d9f16e7
SHA256 ff727128f23fdb8307a4752a3176068902efdf4842f06dc5ea1f7991da0ff0b1
SHA512 4c0c2a5491b8836ee872afda22034ab0a116fdef5d410057288c0f1c9513b1ad094cb3f81d180e9e6534dc8785eb55cb1b9cf4e957a223151fbeb87f6f5a5554

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fd.svg

MD5 6110897ee9a8172c6759a335a7c731cb
SHA1 664d134854e2559a575436db21bf2d43b916f686
SHA256 2b1d3918282eb77ebfdbc7253a0c71cdbdbe2a3cfdd4b4f3da42ca10b6d2f30c
SHA512 1304265e21e5eac4aad87c83cda67dac345b8bd0d1146c240b686a3524b6e0ae1c35ba360ed318d38f9af474f9e087471b2be38afb5cf9349e847362d3770ac6

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3ff-2764-1f469-1f3fd.svg

MD5 8f868a263f6b4a796f00e95f9d15fbd7
SHA1 7d083471defacb2bbdf156f251f75755bb188de7
SHA256 df1592e5d8be506a05c38df852ce0fd3b09208939920e0ddbb7d5d108f33b30e
SHA512 c3dc960ae8210ca9d9694d0332d8520397030f685d45e745dc3598b9473f557e0d1c96ed7a9e7e9ec7ab1def29c9128e65277c7d830bfac03b9a79449b2b0a6c

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3ff-2764-1f468-1f3fe.svg

MD5 0f4f1eef680448dc3265335226c70da2
SHA1 5c71dded562a410791f65ce456610a7145f0d038
SHA256 7c881e18ff73044a0e05d838cb14331c591e874aef47a50828d6d392a0db5f31
SHA512 10e2303e0c11cfb5e44002666b9a5bb85edadff592a479792a6c580defbdc56bf6fba4283f21d6e0af1059693f8679f3d2966a2b40b56f6ab0fc52c073b3e1c2

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fc.svg

MD5 5cbade4f5bb1bc7ef2e86602870b7416
SHA1 13747f011855f3b13233afabaafe95e3d98b0a15
SHA256 80db7ba93c507ad2706a2abc88cea4aa6d3cc2b95a3c28084c66761a36923ff5
SHA512 d944ef268a0ec5886979193694ab39ae90c6891809960e594d8ec65ba949247d0e9d211464d2e5eba37124531fcae8438352813675b04934da33a4ef4884f85f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fb.svg

MD5 568f422c37971b93d0ddc7bae6700654
SHA1 a7817d0cbab87c58052b69e4f98916efa0ef76c5
SHA256 ef9fe06c736ba437ad56e3ee0237192fc49aa33df6b740c1e73f0a385d8deace
SHA512 436b3179dace2232471f18a740e205bf4eefa16d51e17bb38e61e890573c2fbaed39ac79762e5c1960c9a6e21a5d632d79351a4cf79bef87a89edb98d85b4659

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f469-1f3fd.svg

MD5 a7da7cef7a6fd12281b1e4449432d0d6
SHA1 4830693cc4a35d84e0372c81b99cf2cf3c84bbda
SHA256 1a9b5d7e925726c1efea278064a3680e7db975e02ae94571ef49244f9965ea40
SHA512 a4c67899f65ab7241351606747d453c61811e70861cd91fedd9b8dfc1232ba4395dc61f8ce59b4800b7d4596a017af6a8f4a845f7247023e3135a4f37e78b781

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3ff.svg

MD5 1d6feb3d1dab84ff411803ddc017d242
SHA1 9e0dd2de762aaa367a809ce0561d1f7f6dd8f56f
SHA256 ed280f6d103dbc28bfac0b0cab9ebe4e942fed35afeb2da72760aaf49e3dc5d0
SHA512 5a2c45bde99b07393702270e6329bba5958c9199895c6c6d6039941058e1f05fb494bd49f3d318282d7b1116364c2a1dc103a5d69b1949ea06c5478dc59e4159

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fd.svg

MD5 6c51ff1981a4ace8c74a90c23b04dbb9
SHA1 7a363f1e8d3e2bd18ebf13aa39e2474569b38a80
SHA256 1f4ce13a13158a72aeae70a39582f45370b3c1386ebe69af95a9e1ed3aff9db7
SHA512 86f7ecb883a4d23f7592b44f26a1d584ab6635c5d6dac16de166cad1d20f3d5c7837bcd9c573d57f2fec64f4bf130b3a2ff51cc5e1942faa55fc5318ad693afb

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fb.svg

MD5 20a407b1a3f9f733c2481bc07a720e02
SHA1 776f21c31de2320e76d92512320e179ca2ead555
SHA256 db667fcf69cfd628d5c2132b84e1baf54df55296bf074903f94c41dcc3b669e5
SHA512 01dea1eeb77e91a80a59ba68d1c260ad4f324121fd6207626b0fcb25b4027082a64e83fd0890bdec25e4256efc29357439f47d8383389216c0360eb181634597

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f47c-1f3fd.svg

MD5 31907a7b5abbf66956cce5ad22f4af36
SHA1 51d28c4fb0becb6ad4ce8339974f569c9f129d3b
SHA256 756a3b424199212f63753a1f2672245a7241c9877a9d65dd263c596c9e9e52e4
SHA512 6c676ee42bd2cd0cd4f7f0703d1fa16ea937ea6efa595456836f43650bba4dfca52bd85c5d7d48db65efd67cf00fc1c4cbd0928739a8a0d49c3f9fc66bceee7d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f482-1f3fd.svg

MD5 38fb06613dec33a6351b424cdcf9e798
SHA1 84258f41e485bbf36fa16a0f7691aa345c30543f
SHA256 bae702a8a27664f5d7378b7bda228564e8eb87979756800fd8233c7fff7f774a
SHA512 d688ad6e7c87ddf4a5bdec4c21c5be06110c918b6c1a45c88f8781a024ccffb8f17a3ad32224a841879362bd3813d7485fe809e5fe427722b1df93daa6599f7a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f482-1f3fc-2640.svg

MD5 aa8b34acf3940fb01ad81a331966d9d1
SHA1 09f4e91e539fccd1a161337a0e2c1aea35e9d33e
SHA256 b382cec8be2da96902d0b13040614767f5068e669a42ebf9b633d210c7c75f52
SHA512 17c80f0b1728d7b990988d25ca960cd40adea3be218f8317d7b956501beda4be2014063d6362ff5f2f332d519dbe1b951f6c3eb8e5edaa04375153316e8732a3

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f934-1f3fd.svg

MD5 2c3304dbf27e8b6205b1b315982cad8f
SHA1 a61bb150f6ac5f91ee6003a7f09bbd9c4dd719a2
SHA256 1687f8f975770db3bcd7ff60181a0d9350592dea6d247fac0ca050488bb416a8
SHA512 ad58a0af50afb3833782702a794a23b9257ea71433d7abd79baba186def45a529780614074545c5088c48f3f8a5f9d214df05f07e05224014acfb31487bb6a5e

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fc-1f3ed.svg

MD5 cda158ec90486e293a00101388fb056e
SHA1 0896e006d0a755dee3491dc3411fa97d574ad940
SHA256 7859e07bb93735b5532862e95b1f4928bc1e7ef186ecf6d8ff7fe354e93cb103
SHA512 411b7c52371031271e4bb2f42a6b49233acd8706cab3240a34fe2cc126d4379deae34697f89adca1df4c8752dc85351292f41af1120f854cebe1264978b78dac

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fd-1f91d-1f9d1-1f3ff.svg

MD5 c4fc238c34048e2343d2f1d333f442a7
SHA1 d28a3374456d986883a13db2cd6cadf837ad9721
SHA256 27a51afdfb403eb26dceb8e93a6cb81f4b27b10feea67b80deee3b7615ea054f
SHA512 429bae9b278b36fc645839a2edbd8b2cc9ae88ef1403825f8a539b997bc5828b447980ceef5552e4e98f8b12fb3641ec6796b70a7977201e426b57cd6683623e

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fd-1f52c.svg

MD5 1ee874650b8f60d065c04c24dda98b36
SHA1 a9f7e11278178260b22459d9592dcc74e0dd0f68
SHA256 c208c8c9c35327edcc490a569b768660ad8d363e1a6df57f9ec2d23cf7b3cfa5
SHA512 1404ee708959f84f435ec6b933bd8bb8e5f8112759aa5c5e3e36f24947bc29c54130a59b365fc6ba029af3df2af28c94beeaac66aa22cb400e5601ec1827edd9

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fe-1f91d-1f9d1-1f3fb.svg

MD5 0be420408cb2e02a9b44994f5531bd54
SHA1 a06b83bfdc3a7148032a74ce0ec1dfae35e04192
SHA256 4c3213d121cd3088cf8011f35febf1da55b0fd12463526c123467c9f66ea0128
SHA512 1e584942195bf05e145d1dd418680bd08d669573edb8c4c2e11a57739e0c8167efcad307e6ed7f937affc082399d54d43b25f3ab26f3feeecec7680d0e6e3700

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fe-1f91d-1f9d1-1f3fd.svg

MD5 e62b4de2a7185945388326c56cb2b684
SHA1 f1af67ed15c5409bd21550a641f8ee505e02cadd
SHA256 5f864eb3b33162d211cf6f22c4fa31be34a09bd655a23db510a968b3bf6cbb59
SHA512 7ebc4d82fe969be4b4440157f125d130adaf95cfecdf4aa808fa71b0ffc43f3570ffc2ae5b453a4e4211128de80ff08ca5cdc6dfa810ccca2eb9365d6b4559e8

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9da-1f3fd.svg

MD5 b1a6c8f815b476d05e0b208319d946d5
SHA1 fd604b0eb467422a2c2033112358a8d6da60a7b2
SHA256 bdb723ab23ac185b0fb42c9979cb72b93d6c3167ed666c4f39d32228492ead23
SHA512 fbe911dcf98380240b6d52b55b5cddcf714b4df978d94c87dc6c28159ae477a282a5b07b63f9b246e4b1000e79fe5a116684792ba1c9f50fee3eb5065ed186d9

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9dc-1f3fd.svg

MD5 ae020a92111b11fb3de388bc4b244b1f
SHA1 8eeb8aa46c23464932e9f952751391a20a1037e7
SHA256 ac9ef9a5952889dcb438f0eac84fae7c0c8ebf3acceb7b85eb602e14e4e77a60
SHA512 d5d522e808f6b74ef82918103a2a05d6896f9a550c4a7d89f452f65c647e99fe4a6c5faa46ef7a6bf6951cf5d391c2db0ebca2b14bc9d151cf8a2bc88a13e28f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9dc-1f3fd-2642.svg

MD5 1766a43198f64bd18de2e07c2a5e3293
SHA1 80f361eaa5d358e62a682955ef01e276b0547ac5
SHA256 5d9d857ae1f8f5bf207fc53ae02aced36d3956e4935920ccceb86cc7fdee1dfd
SHA512 50fbc7333b587c2ddb8b72fcec371d77651d9a52c961592e22387d7e6fbf93ad9eac7debb87f4f8be55259e2687db7a5d840e2774de96a3baf7b9b6808032e5a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9dc-1f3fd-2640.svg

MD5 38be49d9c762eebbecb9159b93493180
SHA1 f0034f4ecea3228d316dcd5b2c1aa288529901ff
SHA256 bdfb39589b195ad4e36414bfb8ad249558c55dce74533e9ad8ba87e63371d75c
SHA512 56da800b3e1e4e321528ae37ff5402c4ac89966e25b9fd5452253bda8e21c3913d989869b824c339ee6df54e348685f65ab692e96b2bf72e0b986eb8844c9c9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be0976dba6ea8b3f28ee2a3e017f9bf4
SHA1 4b0178821be1d175110bced76fc2879eeee77044
SHA256 8e2341728e79318b0e3a0ab4872913f957286221dd6431646ee9e18eca4b9faa
SHA512 d4b804bd759027d16e14d1bdd4ba93304c2a4711b6809d1e22b8abc9fcb6a335b467a3a1e7e710cf08e00482a2655ee697f1e7990d405c48c18124be8b17ef4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

MD5 fb9a2c1d84339a50cd3115b135965506
SHA1 109a42af8e6b87f883b59dfc8e1d02be649a2ec9
SHA256 b95b06d9d0ddbbaa2e91d1f84468d0cbbcf04126f205bc5ec015de356e4938c4
SHA512 653838ffc5231b0b68ac761d2ff092289adf86210077ed269c31039840d8910eca65fd4ce4d5e215c6df7916f6b7890145b1bc38baf8b00c7216a05b29f44705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

MD5 82b7d575bd5efdedc4c3d902677f6690
SHA1 0e0ce388938f7d489ffbce48b6f8aa0e5bb573ac
SHA256 bc981d425d3ca9ebe61d2cf2137e7e2be2fd6235128a5c6be1b81433044e2b62
SHA512 c2b6f1ac726935806e4e693a0a95faf947cfe04743c598f0dd40f72a716e37a4b46c037ccbaae772094b8c6915f54fa92a05b4dabe1c8d884820d83ff75877d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087

MD5 498510bfc3d4f3954cf40d4a506fcc72
SHA1 47c4c30b331fac0e85408703aa3548e5b990c2d7
SHA256 bb93626dee4695704bd92fbfbf284fb189af8858e17b3e8d6ee51e5bf3919379
SHA512 fdfa5735139481f4d7933b4f34f535660fc9ac720e4df1f28837d3ae7832e883a6bb116304b1ad8225124fe8099bbf0a02162fb740b7a427c2346502034d173b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ea7c0264c8995649b5952f7421912fb
SHA1 976bdc2c3ac56c9019b5e710a73eec0c3f4353d0
SHA256 1491853da9ed36e1d06b8d4e6f6e24491fc32ed22c6388d0e36e8e9bbbb34cb6
SHA512 18ac23adaa8290d6140c2ed511dddfdf88eec6894f73dc7ce55206854f411832330174729071cecf569b40913d7e97e68c28811ebdc63731729be5f093eafcbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0fc1980c-1da1-4980-b25d-fae61e83bc5a.tmp

MD5 162ded45ba9f5371932a875b31197ae4
SHA1 786d94be199c4f4ae9bea9eaae130620c32bd152
SHA256 ad1e8f242321d613fa1c64328c78c08acd794b053db497d1fb7a314dea07373b
SHA512 718386e758d1af490c194e9baa0db8bb7b5e0bc54716136a3df71dbc35c342c5533fa945e4f251937a845de91f1ad43c6a9c2edff79906a5e7e19cedf60dbbbb

C:\Users\Admin\AppData\Roaming\Zoom\data\emoji.version

MD5 964c3f35dd5e045f5a496f676d636a4e
SHA1 eaaa763fa4ccd3a911e735842a10d0c4a7fd70ed
SHA256 b764fb5d1533a8c5bc1a8ccbe97cfc2c831059f3864a4804eb5d0d6bc04be3d1
SHA512 1da729f5c3f5c603a90b0f5cf46c824b8b0a9a2a54e91f388fc1813a50d1e8835e5f5c554a526c4d7b6eb21df2df71d07347bb26647039707f5c806eba837080

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f093809aa7c8d699476d41741efcb103
SHA1 9a579463b3664fb235eab70abcf5bfae06a0f28c
SHA256 704cb5eb359b7cfe32ad4fd2e8a4a0be21d4d81e73f97cf87c032271026cb83f
SHA512 7aa7f0abc1be9d61202c66defccb34217ac327dad51c47642bf57a6cc8a54d4a65997c559f7010acd81c6b443f9021ab2282b24b3e211feb1b9e86ed4d51faa0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 90d72fafc55f9971de56e9dfab4db8ab
SHA1 1d502ea03e01acd45d0483506270969aa0b88183
SHA256 a59bf2a02585c190a4ff65578efedbba2777cf2ce197542b18c89d7264dc009a
SHA512 4e2977597d520c0cec5bb420f0e787cec1bf31fb6f924f68ce5f0b64f7adf095d795dbdba5e678ca85f04bf11ccc0a864db003c6312a956bc7a3abe713b7209a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d9bb418497f3987dc7e39b282a59a992
SHA1 6a1248d116e9ee25d3210c264a8aa80dc967c76d
SHA256 72cc8a4a7f2afa4a86db4a28411ce74f0a0c1dcbf319439a7af87e7d3534984a
SHA512 3f3d5e4bacde64ff99240e32c57dd7f70df59640c129e1ba2f2755d97206dfd3ccecf5d1f7d83051eabad922a77b1b9e8d68490815e93141d007d2091fae34ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c466e98dd80e8299e4e38601a9b70f79
SHA1 d6d6018e537bdd1fb8a8b09ec2e6096b780ed0da
SHA256 0fa6fd9142b98981b9384c72fff8bac1448fa782532a1ae469c46f740cf8d734
SHA512 ffc416c49fdce5b0c2eb16c92119fcf8801dd9f0654caa50ba04a6c376f797b502b844f3db2395d90174dec65f8374ab73a574d190757b68c8e3e7c75aed2d5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a33edf3499d0fe24cf0b9cb796d5574c
SHA1 ba77de01dc925a53bc670f08e633a8868a50eae8
SHA256 6fb54387c0fefe7886de9eea725d0a55be490a355d5da359f29a6f8cddaf8966
SHA512 90ea30ed1b0a8a4a50c1a6e5c1900ce0f264d020267d9ed3b7e53d7b4050cb21c6b472e2fb6a4f480b06b628b85bddd1d39de5e3ae9f7d790d9de099357d6815

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78c69570c2a9504c6bfc35be9e3851c1
SHA1 3aaedc67c2a9c814ec75e6b574fbfbaf02f5ce11
SHA256 9f3f6b184a611b7c8fcd64c785298ccac85fbfab767876b46aa86547bb4e098d
SHA512 3a73454cdaead9776f469cba160ec838c805003bc7bc01bbc607ba6b9c9cd8f3b3bcb08e46f5748eadc71fd49a5a40ee063d7fdaab1e67c3321a9f95b1793404

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 846ffd615712f4b3e16d5a7d77acdf7f
SHA1 372091e056f2fa473103de0fecc25c9d46cdaa4f
SHA256 5b5d09443f693863dc54bf5d347eb86100b50011e51ed82a185254e4a6f32e47
SHA512 9ecba1e0e2e3c275c941fddea3886c89c95ce2cb82f2a682204d54f56df1ce4325368ead2eb09ba84f83370d5907865151de36ace4a1bc8d98ccf184a8b5d33b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e11961468be7be10dd1796c36345f628
SHA1 34f4e9cdbbf5a11e2dc1822c86f2d1f4efac91c5
SHA256 ef734c9d6c4de6ee45c5bbeed979a6687ad676549fe9ea2ffdcbb9e4a8e9dfcf
SHA512 2ce6b295e2072ca90b20e74c4b02d0c97025214a63b01f05dfbdfd9fc90167948567c67f0e7735056a37f8d897ff37fe7a9e92b52c6b8675c0db9c4f86912464

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd045469cff2c7ebedae024d94d4dd16
SHA1 306cd04941f907ed0e7ff2ebc71b67a14f494e63
SHA256 5081dee55cc34be2fd5b4034804c8366feb8b2c35d7d98ce10a0036c74b14c05
SHA512 a826ff24e798ff33b4b75228ec6a15f42eeb0132db0bb1199418671bb9abb617238f4cc617178896d13bad1b28359445017830ea0351866e94d88cffdc6900df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed

MD5 dbb80671e5ebdb4075e848452aad9c68
SHA1 2f3ab22c5a70db0b872996115b62b9e1a1eb1a53
SHA256 d52a490997f2e62f6adc548222a3eac21ea38edd4542e5d4e6bace7c2396a662
SHA512 d70ea7aa77c0a223bf26566eedc509cc2802fd1779a93f60449b1967d184eedef211914484e5543b26a131513fac3d05b5cdb99f4bbf374584d1921a16f03652

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f5

MD5 4bae60163f981ea3277e017b51d6e3fc
SHA1 1f417a10f896218eea691cce93e78c8101e59e50
SHA256 fd74e3a4af4b411ab3a3821129ab90de91e79f9a9587d576d3609fc172623a18
SHA512 89c881429e4831cc31340baad0659acc29f2fd49761c1660bce216328a27c2e08f186c2db52a9bd8515adaf92307938110dc1e0f1d04a4ff5894fb16c3b4c12b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010a

MD5 cf09527b200d3840d04d7266ee4c5029
SHA1 7bf36014605218b5de1ab3fcfd309cdafe854462
SHA256 d35dca2562469c4185eac49db786145524b21a5d58ea5677ac8e82d3309aec39
SHA512 31d05e765d0aabfc44d7b6321af176a477a1ada99cb88907b347fda1a9efccd2effa8011084374878c7df20fe6c3a72d6c16164b05d07f9ff23d81c130d54f19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fd

MD5 772921a67ff6a39c4b4447ea06576497
SHA1 deaeaa4770a806c4effdf626bee5646150c10e19
SHA256 33ec947034d642e2eafe5c2663ac97375eddcc21c54a67a3a13ee79e4f783954
SHA512 83d8e5063f5bda2e7ab29c2b693fe3a2cfe1a373340ff1437da8d6a03bcd82cb9f6747ed7be8db78a024f940b0bff307e05d7806d8718a5f39098ad7f188c5ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5703ee123619db950aad85e3743b8d6d
SHA1 409dd10b054656ba48fe727cad731d74c6cb3936
SHA256 f710aa4a9f4339dd6ff91660e466b0fe82ffa52439e33ef5d4d48e01592d28c4
SHA512 240a4a2ff8ed4f9e0d0a698b894ad39664fd5c138da7dcf9cc9550815a7480567464422ae71d13bbad21e96aee6bd7e697cd89d1f51e265ed8d22b8e7ef999a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a0a5853db0ba676a203f47c43d32ea5
SHA1 408e2bbda33d7582bcac338086c34f73d38f5179
SHA256 f7ad77a80656dec970939ccd7f48c3e9fcd2b07b097b54b6427c159e861562d6
SHA512 1a9538441ff82b3b919a9fe33ec4704a023f773c6028b389d224dc0ee300a99711088cc6528141ae284ecca1e0571b5028f88136ddf6539064165f8d0e68b74a

C:\Users\Admin\Downloads\world_of_tanks_install_eu_cywi9v4rn4uf.exe

MD5 841c2ccefeaa8ff13165593128123b96
SHA1 e9419b5edf3ab0f848d2f480b06647e2f1ce4a7a
SHA256 825c85fa8da65a6eac7511bfd058527b29bc71a2d67beafae1925e1cc08c9c49
SHA512 89ad78150402c2d4d02070c7cf59664a2d59934a2cc1ed03fee77024b207744f47c0c43d265deba4e05011cb513e171b7710496eb3ff78262e512b5bd8df77eb

memory/3236-13690-0x0000000000400000-0x00000000004EB000-memory.dmp

memory/1060-13693-0x00000000024A0000-0x00000000024A1000-memory.dmp

C:\ProgramData\Wargaming.net\GameCenter\data\wgc_tracking_id.dat

MD5 452325b73b6535bd6c4769e1db6ced21
SHA1 95b7e325fdc8fd4a7edc2ee31f118af77adb2708
SHA256 e644408a551c702b60ce9e3e9f12041335d2c853ffaf837f0f539811c128ef50
SHA512 990ba66cf16723d1b8a5cc018e4074c63608c0342e06c7473fddc563bf7dd7ca993c30f17fd54269cce2ed34a19528c264d038afdb779cbf8b2c2cbba7763327

memory/1060-13847-0x0000000006100000-0x0000000006101000-memory.dmp

memory/1060-13846-0x0000000003580000-0x0000000003581000-memory.dmp

memory/3236-13866-0x0000000000400000-0x00000000004EB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 441551f7ca14eb06c0f1dbab6ab8ec3d
SHA1 1670a00361ad7f269994470934f50897097438ed
SHA256 23c397e68fa375f9f08357f5d1cf28a142a2d910fbdb634df7dc969f5cee972c
SHA512 fb335ad6ee3881dea4073235ebffe1134b50975e00ab75f0514b13042c71a63ab8fc26ce6eb8f1c6ce37532626e9b738d8d812a2398beef24169e2c21addcd34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dce499572b181303299d74ae79aee075
SHA1 d8322626e0586297f286a6a98230d6bdb129fb7f
SHA256 dc42cf815865fe4d7577f131f663aad9c94d33ae8e524c06394e124435941f4d
SHA512 e4bdc0d95ce0602ad0e3fa2f95486bd36ca3c14b437dc72034b126aa2a50ad2ae25ab8df6c3193f91a3473126cd0a541801e70aab8bbd72c172daceaaefa952d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 c17ed54083a12cb739c758529b943bc1
SHA1 e0fbe4f62325d159d05297a1e9d8308ffe1bda7a
SHA256 e6b6136f72842648e73918f9c23e9d44f6c08848947f462d750f3510f74ee050
SHA512 76c627c8f1f79ad59a7fe1690776e5cefff0ebd5396cc61653caa146c48f951502091fb8ad00b872d5d38aa9ba98dd3ec5c4bdb9cbf9a5033836ec6f7fd18b31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 17c4740b54a3742681d3755d5d6b4eb5
SHA1 fd20ddd2615506241a39759e570d1b953f2ad372
SHA256 08a7310b25abe25bf1380a5d7ad6342b57d90b993ec29dbba2049738c8b03076
SHA512 17c9742c27751c1cd8e12eef7cd025f20c7c307ceff28823158cb3c18308b014f65f3ad987fcfad14d0821c59eee4a9c717960d87a671132870b3bfa30df8648

memory/7616-13915-0x0000000000400000-0x00000000004EB000-memory.dmp

memory/6580-13918-0x00000000023C0000-0x00000000023C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\InnoXmlParser.dll

MD5 fa1969e8a1fd8690dac63c523487f790
SHA1 1a2dead73bade541907fcbb699558fde20dc6971
SHA256 b2a37e406a18cdabccb375328b13fa90d58e250ecd9866ea286e64d28ab536f8
SHA512 4cd630236bc37d49ff4b7cd363f12781cc7e1891800ab60a71cd401465b6b2748bf0925a2eaa78db5036e5a47d37e2c39cfbc690c562e519cbe4bc18882f6633

C:\ProgramData\Wargaming.net\GameCenter\data\preset_application_id.dat

MD5 fa5a0614bfab920f38b2d4fcc05a2089
SHA1 b929ce457e57cbe0f6ce456edf45f68ca2f34895
SHA256 5c7fd314fc0999424889b1bdf47acae539c7fd9139852ff7ffc78299049cf0f1
SHA512 96ccc456245f2999ef4144b652d84aa6a7085f700ac4c9388b4e02b3277aece2551aa656ddd8893567a46749db9b17e281b6da03141399c10d450f7ed004d9d6

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\VclStylesinno.dll

MD5 805291a85f58787a38d2a30d47c626b4
SHA1 f3c41691b38a07215fe77cde23d5f2d5ec6817cc
SHA256 864de39680b1e53cfddb92231d8191074a5a15a5a1ce9c86c84423d538b8d33c
SHA512 298fc149105861badf16a6f0dc3277d6b1e98b553d9c66c469ce4d2c55588461464a0ce1e05e3fedf24be452182abb4ca6a56c0f307507521dffedb425585bb1

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\style_100.vsf

MD5 f131394d6a272a978a54096071eb2d7d
SHA1 eb945d33da5d4a8753f6bf3a44f1422fa46a9f9b
SHA256 9dc1c71b59a6d33f5a1f7279b2db69465f06121df77ca11ef598044879df4a0d
SHA512 ce9eac1b16ee55db7edff2f63a0b4119b41efd0b93f367fd7eb359bf774f1b9df5bfe0e4f77fbd5b1f81bca93c9a192589b8565f6a6d459222b05131444e68ba

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\InnoCallback.dll

MD5 6a1e58c4cd79f796774879839e905819
SHA1 9a307f0548365666482ecfc47ef92370983af347
SHA256 80fc1da55964f5762af3b7e80639651cee78a19c140d6dd92d6c329f9e03c5d1
SHA512 0f16c23efd1e86cf67701b05ba02081d3293b8cd532a14f842cd0341a42382bd59456eba5233992621b979184cfd7b68731103bfe7f984abdf72e24222a23dd1

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\layered.dll

MD5 ce0a5d679d32ccfb4c9a489768d0a850
SHA1 06e81c8ea828ca7a725d6c2dd694348e4b528bde
SHA256 ea44767a041e1cde1dd8b804d09723ec339d167166531f8a1711ad6b1f8ee143
SHA512 402de62fe20c87713091f6b3328076d34f2f0b256d25fd583b4e3ca6e9a9c253b8f897e9e276718886dbc51baab007ae2b3a87c575a7c7bf85b6a75e724c9cea

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\win_toast_helper.dll

MD5 090153340e70c51ae3b5dd9e63b03fe8
SHA1 a2f34b682100be7bdf255b0719840755d238fc67
SHA256 61f17a11e839c61caf94e776dfc1708f68870b5cbd9625201977bbdcad682915
SHA512 4a79c49e89d0b6665144e1f10c23675eb30b2480a84a1b6437cf1bfa7ca090d618790659b5651db81e8244e3399abc84cd988bcd718d4db8f8341ebbf9a64a87

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\installer_core.dll

MD5 d5097226b242e531cb617a96bbaaca3f
SHA1 74dfe10a90d3becb78a826d8269daf614e32a1af
SHA256 7180082bc6cfd2f7756321c805e8309dec469489e7a29e21257d8d3d4ac847a4
SHA512 f02ff50b514221c9b52a19c4699b8d36938d7954c6500f62942549574eb8cf2e40cb519c7f8aaceddd7ed33614c7c03d5f5dfbabacf68a615cc59d7fcc1912c4

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\popup_btn_support_100.png

MD5 6eb9e8962ff0907a88b0ecc4847b3f12
SHA1 b3b9e9ef79903f38df13e0ae66f280dc108fd0bf
SHA256 ddfb9332a0a0765dc185e9bf0723c8c20da19ed6ce309f0ebbee20f491a7d600
SHA512 8ddd25472299a7609cd32c0538eb43ad20284dc73a427af604aeb20ed4cb67d19ab41b32c96f37ead15dd67771428bf43422cbae6261439a985c624f4485adca

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\popup_btn_cancel_100.png

MD5 821bef50872d67def946f0fc8a6a36aa
SHA1 64e6a99789b70dbbbe60221d622aea35fd9f3d48
SHA256 9dc280a326b9891fce4f553b3beca1971cc8986cfe6aad4ef8bf39fca241a1c2
SHA512 ad6554867938a7fd4476fbf06904a841fbca804c0e511016e6c9e3a73071b77744376eb2f4a6bde5880ca23cf4e3c67a0ca8ca0d6afa4d2b575dd9d15bf40386

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\popup_btn_ok_100.png

MD5 774ea5b55a798fe6d4dc496167c822bf
SHA1 ca89775e956dc4998511532e0add701d972eb3d0
SHA256 78cac3923cf3619bab757f2f491130473b4074d5da63fb66cbdf304a7d9b1c5c
SHA512 306d53f62547553d1be74ee8a3fcd5f31a090b5c5ef519efb2728847c53fde990581de628b6ccc321ffdcb7b9eada79cb4699fc50709c0e7a1174c1910db9fbf

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\popup_close_100.png

MD5 72823893233ef5bfa8066ced3cd7593c
SHA1 18ff34b0a4179470f3484bd869d0da8c09282028
SHA256 8bff7e63096b687e5add15ba39089a5f55296c6eca7d1c1a11e16226fe386843
SHA512 e90ddbeb05b4d5c8a2c1928fba7ac67301c8d1a839cc6e2d1f3d4ae517363412b6f3d5ff193ef1e48d302677338b67a5d07319745ce2c02a707ffea66e577838

C:\Users\Admin\AppData\Local\Temp\is-C4FIK.tmp\CallbackCtrl.dll

MD5 8e504c752f130b74752e8cbb6286680f
SHA1 c5b2c17d48349b7c696c8d6bec8a2462c87d4e36
SHA256 f79ce2c6c0a4042325e92e9fc8132984ac145e31493492e7d9c1d5e88544199f
SHA512 13a0fa1b22fb1c0b336f1edccaf382c45f8f3b36b6002ce043435818a48a9a1dc98f647a85949daafc3609cffb821fb168469c80552305230f264a611ee38d91

memory/7616-14089-0x0000000000400000-0x00000000004EB000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 2c8065909af74a12043df74012b9278e
SHA1 86002408c2f95636a234170d47bc46c7c291d248
SHA256 fc6e8bd97d09d78deaf98a6db1cb4b5eae80d571a91842ddadb1debaf071673d
SHA512 b93f03b631fd3e84cb52c0b70f7d31a43aa27f2f0f46d9b906ff2df2ca9c835288b21570b1a7bdc39bb21913a7f9e1a37cd3fb82a0a365a2838cbf9ccfaf4052

memory/3656-14186-0x0000000002010000-0x0000000002011000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 07c00b8864d64326a99a81c2c6bab4c2
SHA1 f02c3315c95e86305e7871b7b459ea85c653b63c
SHA256 79f29e2e0b28af33dc63d496bd186e2f497787d02f95675c5deca9873aeeefba
SHA512 e66f5f2c3889008c238d91cd2c5261cafd1e2b403e22e57ca803985331587b68cf4f4dcf1fe3fb00e30ea6eb3b29a942378aa071d96860bb8a9d992c1af249e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51baf94ba81ed8f754aefcc8f1902b6a
SHA1 fba041970ca9c35d850895e8bb4dbf9a7c410328
SHA256 9ce4119a0f924963687c77ee50525740a812160654017f29839c39c7b8de98d1
SHA512 1a9b55d3d7201ee9919463f137270150ce30f95f32be7a3f5a34002e92ab8bccef67e2c5dd4dc091f29c547159954ed89dcade45650f261fc9d6808ce763bb04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5930404d1441c5be_0

MD5 84c8cd87f771ee3b58385f51322261d9
SHA1 c3c31720c14753fe40410601fa45631ec72e6cee
SHA256 ba52a5e92c24c85b07c4088ca368f1a13bd656c17d5f7878caa47e7bb507d7ca
SHA512 657a443b52fe0a1aa53c8ec98e323efe84e141e512408d717923ade5e409338f2dfca231f8cb671eb75a3b4bfd7c2adf92b592658114eb56a9e4021535d8ed2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\46e554112b0c2397_0

MD5 c1a8f4e143a3afb4c5aae54eb4a2cb90
SHA1 c81880b94c40a621c25595f8173247f29e38fee1
SHA256 0455b3c7ea12a75e395905dbdebccda43b2747a759ee0d0359ee48d4d8b064c0
SHA512 51257355eee1bea7629d40a1efa6536c19c2a9b8f402ff1068c3ac8c0856382bc8bb258b2b3a3e76c98c795883d4722cdae27f5f834720489fbc6fd3c84dc665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f2871cf46f12e45_0

MD5 f45a6175d37cbc0b8daac4306c7224d9
SHA1 c8203a6940a33ebde668d1e459b1da5d7a405508
SHA256 e0b1bf74fc893169235aea1cbf3c71181414a2f658c16f2924d09369a1c404e9
SHA512 41a8d7b391a8d5aa302c1818780cd0b13b36cb86e39bc907f035f3b24cda3c484650883d72d94a011fa4e73aadf7dc68296d9ff3bff0e1ce3f7f4640048940e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\64896690d2fadcc8_0

MD5 f219d73b504008406aa0d3d16a5016e7
SHA1 6e43a719ca5a91c457ae73dfecc3ce4bc89937ef
SHA256 4c976b0011d74ac08c41452a8f9f01ae760926ee2d62a69aed10f1d72b6cb197
SHA512 304d7248ef55bfb41a936e5de75b56ec866348ce5baa5f27c9819d73ba44e79facd3773d6097676fbec185d77317f50deb7333d094f0c14bd07f859660365ed1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be21bd6710b39742_0

MD5 830f950ca1cf2fb6835f1f03ae6acf37
SHA1 819ae2776923e3e25e50580cb1d32936f22f48fa
SHA256 e932660049414d94e55d194f4944f4e7e085c02c1cb04b8bd3c54ef30bef1547
SHA512 23f69a3fa49c978e040da049431a82056ca2a1522742bc62cb12f63ae0bf4ffb0d7a0fe32bfbb999ec1cf221dc532ae7eb28e8075c07906c848207cde09c7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a8bb84943573d6f1_0

MD5 eb24ec2ce81f704328b6fdf0ff11aebe
SHA1 76c85b52a662a8cb05773f7309e0f0329ddc9d2c
SHA256 70a32c8eda2196cea7cfab6816da31bb551c5cb05a4eb4d36bdd119a5a1321aa
SHA512 b1bfd59d7f40d4e33eab3413de2ea26ab28152ae7c3a9a2b38f33df96ff8b879940d89347d2b9169b5d05865d0a038e4a6b29b924df603cdb552e53907d599ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

MD5 4e9dea0563ca5bdd4db9519e1577255c
SHA1 01ee3c89747fba79297e2ee69f0bfa06c20b45f4
SHA256 f7b4eb7abcdf519e5c8b763a2ff412205731f9ae390a54e3f00e89eaadbd8383
SHA512 34f798eb2c03b7e1e2765b9e8239836cd33a8252a5836852bc06907fb52818f2b12186296cc2fb7d5aa51996cd21d7ddd2f3773317a4cf1b2a26eb8c78f08085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd0c5bba6591061b_0

MD5 6c003120f8cec2d80b38676212f07ec0
SHA1 20cf0d4e2c973354c4e25d25609b672ec76a9e2c
SHA256 af85836d11486b0cfacadf0e065c118208596fc73e650327a6a0190673b573d5
SHA512 2fb3b47d869cd836cb255bab690a5062624c9f9ffcdc652c6ef143af059e68b145cc8f76a398329d13091b88257981d2c0b3b2ac4bcc68e776b99a9e29a74ae8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6e5ee50b7b45713_0

MD5 87d75241225741abee585bacf25aff40
SHA1 8d7ada1be6ae38a97d65d5e0a5f5b90623b7bba8
SHA256 4314a4c58978c14b39453725523af4b50acee07a1fa8c4c19d6ea02854ad525d
SHA512 01f6a21c28f6b061b8062a561e083f12d815c3ceb170dae539da3c03162508efd5305e997d0d0458483f283321c1864a473ecc5938de2ecb8555937ff5f825a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084

MD5 35b6978febcad1d3b87751795172ff3a
SHA1 51b757fb794b1182134f13056a796a03864d5d26
SHA256 bfe09434c6909f4d0ea0807c06d15efc041c9d43a0cac59e23cba207b542fc9b
SHA512 20273c9df559dd0c0f67c991a5652fa0b33a4456ad154b42f804d8ab0024d28344663d47226975b5c65b672f313eeeb6f875366f6c64696be6509c4ddd6b77df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000116

MD5 8129f438165d58b53a6f7a4d8db35c07
SHA1 1f8152f0ae971604efcbf6a08fa8d79d93af5d97
SHA256 2c597bb33dd81c2936cf48a1751f41a3f44850e778dabd122fc7edce69a03767
SHA512 5a2090b92dcdef850a2cd463fbda3a0dd68cc4f0b3e73d967cb3445dc06a1b7a153f8ac3a1f6f87725ba8061f3f81d33ebe679d59a01ea4dfe32bf9e7149f867

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011c

MD5 af7ae505a9eed503f8b8e6982036873e
SHA1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
SHA512 838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 247eccbfc33b3d98e6d381e95b516c4c
SHA1 d6636ec4fc613c1e2cf5a44265d75b2bc897271b
SHA256 d3db80f0909dd9df8ec52795ff0b89231e5ac2caaf3769a17220a0814011de68
SHA512 b260447274a4903065a3cffb9e098014239bd26c78c8abfff7138c3911286266ef4ae7abc4764844586ab6c1b6fbf69bbb08b42e182652b70b200ff6390b0bbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09e417f04df9f708da8ffbb0ad4f2166
SHA1 8540746b4b37df7b47f5e8922caee71900d571a5
SHA256 c1b3fd529ee3aaa5f649f57a6b60cece2ad22f5c5a0441976df54e37204bdeb9
SHA512 36c4de56064c6e8a641354770f563ae6165c0d4941580b1d89d323d619b1097fcaaf877ea836675aa8601011061a66b6eec3e54fa39ccea1275ca2ea37a22790

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fed54dbd1909a295d36e3027bbb746a4
SHA1 f472ed5a79e614bdaa2080da697618764e946b09
SHA256 2fce650bc214b79fa56b30042b2594a852a2a6b6449b22b941a5453067fe610e
SHA512 6ab7cc776c2fdf7a11e389f3d101e7f15b9955e5defcb82e69a2982d12423d8093a1facaa2064fec1eb9675e753aafd498ee4f6e3c0098d20fb866179f38fa06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69e95ec6ba4546ef601a07145057dafa
SHA1 380e412c513f8ed756e29c31fe97b798ff993e33
SHA256 84a313bb93a0958380741104021c98658ff55d4992c190aabeccbe840f394704
SHA512 89a22096ba666626eae0e242436ccdfc492e6d601492e78127ed3f0e48654652050caeaae5a663d43e31e2b041315e3d8fc9fff49fd61a669cd137dd2233806b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 df98ca2eb17adccb6478385ad06d35c6
SHA1 1f5c37e8da4813a0b48a089156225cd97212d271
SHA256 467ee1a1579c999cde54f1dc9876c16805857546bec5b1ce02b761d82a94a0a9
SHA512 d62aebc8cd959173056c5205161ee2ac7bb12b24f5b23a13591335c83637a26a1cd222ba7636b93855d4595cf9c67e0f1e7223f70b3252c15148780d1618b86a

C:\Users\Admin\Downloads\PDFixers.exe

MD5 4b4df207c145e4bfc96d521a57cc3ad5
SHA1 439d693d379dbffdb52a6ec15cf18b7a386a0997
SHA256 26bac38356fcc89cc7f976f0b076cf3060867aeb4e623a512b7dbf833925f548
SHA512 43e9585f9b5071fd9ec9a10e855b528f03cbe2e0e47e2d1be7691532ebcc1620a6430d9cc5a93a55feefb23cf25d16baa2892620e013a0aa830bd69b9a1ced97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25b18b7d1e46c35222ea0a85ce850aaa
SHA1 c91932c8bd6b13b9d4b5939a7665dcfd662e90e1
SHA256 f3cc745a688717d60ad5d9bf17a0beade63266ae65b8fd181b6488e8525cf26b
SHA512 b1cab46e9ea58e066a44251b18e9ef1ab599d876a1afbd69e5ab4968f8a9d998b8f54697234057cde46c73840934e0d38516978da0e99007402915c0137df090

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43de93dd2cc26c73ee1222970bb72335
SHA1 c3e65a7a702f3e127b450b147eba8f60bfd6cb66
SHA256 a46b53b501416d5608d42c145ccc5b40ed39d13c180b2d80355e5883fac41aa5
SHA512 f6a933086bae6ad83ad314f7dd65cfcc8856a5aaab8978885d0388c3f4427a7fbc7a4862fd2add9da41574d11769c21d6f0f8c0f6fdbbd9284adc3ea5a28a98a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4f8d643dcd33dfa26cfcbe5e95d41e4
SHA1 3cb80ffc3786423e8718f39382f2915ddf62dbae
SHA256 355937f68ed3d271074dd6a6cdeea5ccce4ba07d9ca11f9380f5b88748118dc3
SHA512 3f00bbb122dd682cecc8d78e862e86e11b49d9a750984379d76b407efc4011f58f2f68bc534694582e9b1d1a5eb8d58a6761d94c5a059337cecd54146d94969f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 b1bd305f87e89710a7a2c8ba72b1d5f2
SHA1 cb303b9bbf5dd06f7a94bfd2fbeabebfb0096941
SHA256 82e434ae73e85f83ac13cd7d233d772dcccd9ebff6d0e4045b2aefbc5337aa15
SHA512 504a5fee475da0e4d8130f32736308051d47227045da8632002923e9bb58a500a4d90a4ea6a571926e7a59cd47cf6b50466763851e0389a1f7d1d18f0761b998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ff9ffd0b8d16c2333f7f174a36e7bbb5
SHA1 e553545ddf6b1f982a382be1d2a294c138ae20aa
SHA256 7e3d433dacca984ad83e6c17c9ea8a8c837c6d2cd6d64f45b4da4167f715cc8f
SHA512 30bd5c187e698478297959367c221d56e179eea02353b21e3b5582a02fa04913c42d1f66969cf08b3786eab53cd18881afbfe37538ef348a15fd4a97aed41274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0534d76ca09d70070c1529dce1788598
SHA1 9d1b5590d61d4374590d06b2bbc2c38dc3aee255
SHA256 2d6381b03ae0625c35ea87b046ff1e7e32bbc83a7fe7410c11fe065482ece057
SHA512 9ec371607c71a403d4c46765d010c6d4e9ff15d728bdf487ba94adfad8c73f5ee6e68642ff5cd9a7c5b3fba71ef85345d0ad3a547ea3212e5db902d9ed1e1e21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ab5986e10bde10379160d1ae68d91a4
SHA1 153959c42985d405c87bfed458629a06b84e502c
SHA256 d69f58494ef49bf60ae171f8e0d5223ed4c57beddf7e6eb85ccbed151d217c72
SHA512 284ea83d8bdbc6403530ebb080dd6a1fd593bcc8f12b743ef04e705546fa4284c5ce0ee2cc2bf9394b5f0ca4572321908eccebd85b6a82c3ef94a0a34ffc3fec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a52753b00d6ffefd8bc68f16d6fb8418
SHA1 763fc4fcf76dd085050cd84833109b9623186538
SHA256 230d998372e2e96161156c3d25061c748b457b14e98f66bd7a0ec18160dd7a62
SHA512 63b52178ffa47bf02db923010030873ad9f35ebb725243eb4510c3ebc1cf12f1a6c3b499cc108a9a59feca6e08b96c128ebfa73b44ca03c72ef2e51f850ea8fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b838ba94a42452c3b5bd60ff0ab668c3
SHA1 654afb56edadedc1685a19ca2273abf54a143eb4
SHA256 de632630bec471a593be0b52e320f5aa5ba76e1d7d0553eb43873105a2b35346
SHA512 d2b0e21b5fd4b639a8433b98c86a40dd3b53febd8c3bc434fd4ba86199b4f9ce0f9372e3a35915cb16bb23da19249cec76d1bf5e08004fd3c99e99cd16f66abc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3e10f87cf9a6ff0680017e58abbe931
SHA1 60afb7850268d5e2f4864da6e819d78a785cb728
SHA256 d77eff7c61a155e7b2b0413fb41fe5fe36de0eff5b7cb4f1ff339f17f77d0a6b
SHA512 4e8f1b1b3385da17d4cfbf326c0a9e788bf20ec76b2a5ed10cf305491b00184912005e7e53a11578034eda152954930c8ab82e7c993e864eae2b1dd985c0cef1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb368a29f122b2bb9a4a557374a031b4
SHA1 fb8df1b702c7780e85105e89684f8ef32b2cb887
SHA256 ab82cca43a365e41f35980e5dd86d55d0ce82763248c13c1db82c880d56522e6
SHA512 882e199db3a8543acdf3005b13e184e9ae82d977aacf8fcea342ff53e126ca202a9f1c8cb240d7b8f6fe5e14f541fba34c63070485571907abeef6e6bf977e95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2d85cfdf83af8caa2f41eb90b3675840
SHA1 c28d96cbe129eb0cc0c527cc8da84cc68149f94d
SHA256 2f641a08775c8512758e5fbe9409b3a113205952ad7962515bbc617e4352f84a
SHA512 7b9c810cbaf22f2e57ff27998bb8017b1ce46a4d4e5de6d84f96cbcd964f4beb5d04919f1390f13f4523a78356a233762e7d81ae3a5d80ad609ab4f48650be41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4c04a00449970d2f9d967a5b660b05e8
SHA1 2d2d132a878acfd678c26cca0b18d13cd693fc60
SHA256 de4e133a3907f0f11cb81e69b601ad2d9087fd22fb84f4ac3bb52c4ed7837b65
SHA512 e6a54b70ba61137c629d41e199389958c55d61178fa343f99e560999afe8d523a517bd54cb867c2b5c63eb3dae36cca44ef307058c4a375b2cc729e3c2cfc09a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4df4574bfbb7e0b0bc56c2c9b12b6c47
SHA1 81efcbd3e3da8221444a21f45305af6fa4b71907
SHA256 e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
SHA512 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl

MD5 5b5e6ed53087cd5cb05568e975a56892
SHA1 9c1bb43c4094596f71b4d1ee9f1b7c7df45b16ed
SHA256 919741e7b446234663bd1cea99cbe35ea945f221bfbe2a527ccb326683d7df9c
SHA512 ef68f20428a196a0b17abc6f8a117cde0d59a6b5fba5e0bf4140a35bc742907e2444cedebfd116f9f780470da12357172b7d107506725246d00ca3e86b434322

C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl

MD5 a0433dec02f02877813f5cc703eb4995
SHA1 066335e549f2a0ba491c486f90bd8b8332d7b903
SHA256 e02057b92fe0c49c3beb6f1dc1ab5ef5a4a541714c1cf816e32829330bcdc72b
SHA512 765bc76daa5f9d12d2860bb072a64b828c9622e75b35f7b5db9bee872c37451d0f0390da8b742d23d6539fa38c87f84664fb9afcee01c6f74b1098181445b2ff

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 d02c783c85a2a727d65fa73a5e35a402
SHA1 46fab7881f4e1a95f5798701a8eae0b395e2253d
SHA256 156d5e393d33faa2b4524e92101a765db95466b508c864f171e73f304d722fb1
SHA512 97107907aeea82d06e04809b02d5496be7bffbd54de2f1661fa51de7e2dd0a6635822c5b4fa98c6a811446b3b926eaf336a2f49a6e6cd689eb67113e4438a293

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 208cd758984aee383dc361e66674bd85
SHA1 0ebe6e4fb274ea21c635e87b3d83dedc22741154
SHA256 cad26ed514bb715ce7e24ae2069bf332e2cf0341c95cfa3bc064ed997cb5afa4
SHA512 996a113d472f4213f3c3aa70b1c624ca7910ccdeb7a26efad2751025c22d2cee39cfac9bb9a512c4efe5ba2bb6fde8b7bab9eb5d090fc13f73d527f7b1b14fa6

C:\Windows\Installer\MSI7B0A.tmp

MD5 fccdc45ca17e5180b40efc28052bac39
SHA1 cecb5a7e8807e619956183897a64930ce56294d6
SHA256 4ab37b0f9c5fe3505e1ecfe0764aaa04838cf81f9e0a402425e057f7a251e621
SHA512 67a9cd2066155b35a4b11e7917c2b6dd1d39828bfbe2972b22eea79c1891fd142f50273dde0cbf0a500259fb468f7636db05131a70b3c54a143f945d037da1ce

C:\Config.Msi\e693b2f.rbf

MD5 745897fc2816625a0e5f1ac0f9af16a2
SHA1 cfa9d4dbd1a5bc728ed712cef8b3fadc903d111b
SHA256 5512cabd57b6e1fbd2b96c298d804a3795cd317f61e154aedb335f6c119eaf62
SHA512 7053e9c95b943a30006065a66830bfeb0f37dfb185fcc27019c205e3cea358a0f71ff8007cb6aa39bf61e3406e989ac8366226d83dea5e37c429a5242d1786d2

C:\Config.Msi\e693b30.rbf

MD5 485f3cd5a94355f8e6b0aa101abd9f04
SHA1 a91650f4f103fdf08c8c261cdb1746aca658229e
SHA256 ecb94457c6327a56138dee83fcd82e61352c45e7097309a2effc694e5e78d1e8
SHA512 31b1746d7491d4be907bfe966cecc43f9fac099f897f423cf0b85bef4846a325d209ab64408edfbbd110ca3d3d61644d0cd547e431ae6e6ccd5a74cd9dcaa794

C:\Config.Msi\e693b31.rbf

MD5 7e23e2abf1e03fd0d3c0ed71d3e67201
SHA1 77e9ff622eb2b07d4eb908146251d2061895fd47
SHA256 588aa09f39b70d191b92c2414217429a2fd21c4fb7c3f21fa1d57ece2f552209
SHA512 14496dcaaccd6b00b156d26691465f6fb85da94b04d0a804ad22a8f42d992ef201c4c92b87e2c9d6e5b80ffe53049ed8b44d67ec304bd604d18f6204590c7bb3

C:\Config.Msi\e693b34.rbf

MD5 fd580865ff5b65ffeead3da78f9d244b
SHA1 f26c08181b87d1a6979f97293413d25f6f2862e3
SHA256 5256b74f3447a7fdbaab2ebe6442160dd617fb10800fd0045895b280f603604a
SHA512 5c7dd9a96db711627e4e2f0bc57bc56a1ebd22d8063cc6b8d5d10ad86104b0aaef52fc17e84ebd07d902d345931aeb33e8ba1dfc334e8da251b538e5e8fb10bd

C:\Config.Msi\e693b3a.rbf

MD5 3e3b6511ef707e9d2344b320407ca1da
SHA1 af55e484ad47daeeaedc5efc0d301ed8d6a7be16
SHA256 8b8be00e22af7c415c0086e48c6ce86ec5d146c75a43829ead4a82d25b5ff636
SHA512 a14250cf607d8d3bde7b9f118bdebcda8deb1b4866042be3aa4d266fcc4734f47f2398c6635d4884d16935c58df6e3a64c68a6196e9892c0c6e2195904cedb30

C:\Config.Msi\e693b3c.rbf

MD5 9473054628d25757f804cc2584a931ac
SHA1 1ec0e971be84d5e980988c16e1dba3b5323e7ca9
SHA256 6c699e95e7a018673fe586f5b96ead5bff5861f22699049d72d92ecb53497a47
SHA512 668ac3365f98ea2c6ba58d13017dd4a2f8ae28dc4bd8e8d72ee6fcfc3a7b51bf0b3f658e8a95c6f5bd2015000f3a347ca417915d99ca4fb7f4a98271a27ad1ae

C:\Config.Msi\e693b44.rbf

MD5 0ed609c8782c37c67a5ca7233f08d103
SHA1 c286345aae83608005c0e20aa000acdbfabbdac8
SHA256 10913008d1befd194fc4c96cf0ea20112e9e075974ff5420557141b7ffd5198f
SHA512 92d4547b36cf76823bd9658cc8476afa33f1b20425fae2bd05ea353b6d4de6929c5b72f10100aa1b11493c177df0526aefd1e7d3fabc10d848b88d9f0a382d9c

C:\Config.Msi\e693b48.rbf

MD5 2415bb99884df5e4a9512f52fe799f64
SHA1 50ea323b91282c4cbd704760fa6494904f4fa19a
SHA256 5a3559b695620368dd184f1a78fc0dcda5776892500c3163ca714011de0d319a
SHA512 cde9b27efef623fedc884d8ce82e2919076690dd30edaf58803e8ed62be460090d7c55b1f5098162363a5bee6ffee2128e558a3d52f174f62e5cda4d97ea76d1

C:\Config.Msi\e693b4a.rbf

MD5 846e77a9f3c6bb2ecf5518d470b2b908
SHA1 f16c73c5b7a4b0a596ab41472a246faffd9a9b01
SHA256 17a9b9222850ce3e6786cedd7c698aa145453b37cf8f03d676fbd89f70afa072
SHA512 d94115b82c4abb4570a821919458fb2f322d939928fba6f00fedf139f489f358004de4db3b58b4fce05afcaabf7fcfe9e51c3cb7d0f6f43bebc56c2094086941

C:\Config.Msi\e693b4d.rbf

MD5 7273fe5d0ce6473e646ba240e3fffc8e
SHA1 af11a7b48bde2b1046779147c84d3287a469639f
SHA256 d4e738f4e3d39e7001830f71b52836a20707d14269cba22f34f3fdf0436981dd
SHA512 9efc625c42ce99028297b23c78226264c851d74d84158c2221c2ff9faffd37248a3977461e9fc021e25b903bbc11ec475178157bf9fae9512bfe39eb98404a6b

C:\Config.Msi\e693b50.rbf

MD5 d614ede249037224932c9e650bebf18c
SHA1 33674dff9adee44ebbcb6d1e67be24cb17242181
SHA256 6e2329a69f5e41237f69e0e56b950e01d7487f91f2d4f04386af0c1a04dfb071
SHA512 c077fadc60bcc7c73cf705d8d132557e87cb928226c9bb0b31d2f77cd3474aea4451dd78e0d463de9f9984df955ecad09ec0b22479c831e16308b2bc473e7075

C:\Config.Msi\e693b52.rbf

MD5 4da7266720463186401b1ee9ae625e09
SHA1 040cf60bc1f52402d10e0b898e38b907dd9d9ba0
SHA256 2ec5d00d46355af4cd7d06a00745e726b87c329d090e0acc02f767e75c60601b
SHA512 da22f8e24f5d59232adf9e77914d65a82ec2bb1331a83f72c2d45f8e6e27de3bf113173ba56bcfa40e95851f105bfd941cf63392bd6d4fd4a9b1eba36087c091

C:\Config.Msi\e693b58.rbf

MD5 8c161263d46cbe1eb7b8b48c6add7fe8
SHA1 d6bc046a71361a19bbbedc403bcdc3d1bb2ce1b7
SHA256 1f38d8d61ee299333fd46847a31788c10491182354d882108ec44f11d26a81a6
SHA512 b0dfc0ee6dca1efd74ee8528e8051c1eda77b82c396edaf30099c3d24c71eb6dc2259789aa1f92c4548a5913d949ccdf4296fbba1f17ab84dd08a567afc643cd

C:\Config.Msi\e693b60.rbf

MD5 6a5ee23e3d7b67dfc39ce1c085d8c654
SHA1 6f9c0d88df3df2cf86cc543822b2e6196e849b15
SHA256 b40f265fe31c5dec0943b2d910e997ca1840ee290912b814eeab333af71fbd48
SHA512 2d0cb3ada34426ec079933c96af4e3e67795cba52a6a78b520b7c7aa02a7e0eff53a33da206c7843df42a257474380b3014338c2063dc8848edbacbc6cadbbc9

C:\Config.Msi\e693b63.rbf

MD5 3a01b042f25393be70dd94a2e47f87e9
SHA1 f31ded3d831531c486e7cd49a7011a03bee20edd
SHA256 3d21ba8b82a930c25b0c59a3610aa653a3147c56b88f8efe6437da66821085bc
SHA512 53d9b583fd4ca6484ba31daa96aac2eb65b00a523988db63e10c57153d92992e516dfc9dfe32fd3b01889b8cd89b605ca105fa2fc7bfd4dc28d0690ab384a4cb

C:\Config.Msi\e693b77.rbf

MD5 d87310699e3baac5ecc0f64673fe3485
SHA1 34460b0eb74977b98d9d3e683d5ffa2aec11059c
SHA256 4f9a3c48edbef17a0984c473d0d100e5541a26a92ed4ca3b336974c5eaabb4eb
SHA512 096196d3ff876b7cc5173e0d30125174e6fd1bb60432aa9cf64c3b22fd5ed2fa5a8bf35824e5840ab248b1015907eea0eddd964b4191f52454b03edf583e0b38

C:\Config.Msi\e693b84.rbf

MD5 7030acbd8fbfedf726b99e6ddcb60475
SHA1 f71e8337e6cde5af648aa7917b76efa161f24aca
SHA256 7383a8023a19bbd3f25f03b695dedaf531134775767cb6174c8191e44556a2b7
SHA512 07a2d188a937a1f581ab66c26aad999a29317832aed811878dd3251b9e82787ebdeb3e7bbc7047683014f59172d1850931f102417d7b585a906f2a7353b55486

C:\Config.Msi\e693b94.rbf

MD5 62faa6fe395c5810fe4fceffcba62966
SHA1 ed830d3d1156c3a5ea6502148f4347af0c4a8051
SHA256 1db349e42e9c57afdefc29f18886a98290099b74210cb396ac5485247bcee099
SHA512 4e876c4afdce30b29275eda6ecbb14aaf56bdaef4a1951e6ad09bbe2af5a37667d18f4358c895843010336f467e0bac3a7f8449a907011124d4e374c7b0c1e54

C:\Config.Msi\e693b00.rbs

MD5 b2c24aa9c2d89f67a996612c460c9548
SHA1 e81c54f0cbca18e9cedde4a9527bd8acb8a60ca4
SHA256 68b90ed0198be9d05b72b293412d73472e1aadfcb0c24d2b25c87cd6d3b3de71
SHA512 581ab8270ce147dd1b81a4879b252a68759a675bd7f76c95376b5560790aaca0d275f8576737dd903d668555cf365abe30a65fcdd2291e7453b074dcd78f6427

C:\Config.Msi\e693b9f.rbf

MD5 566fbe26a715e8c1532e43b5251edcfb
SHA1 a8eac918b844c4bdc542da27739a212483fc57ad
SHA256 fdc68318b418d6a7a72b8badf7f7f9432994310fbcfe7d34883820fc39fbeb37
SHA512 78e86fc37d2ab69e93a26b40a8c15f17edf3aab0a07ecea2229ea75a9129626b06ddad0f8f1735a1f9a2c028f0a2f2d1c3e7800dd655c4612246de84a01e5efd

C:\Config.Msi\e693ba2.rbs

MD5 228ee0538dd33a8312e7120feaee2d19
SHA1 b2a981d90b92aebbf0ae24df6f39e2051dd73f2f
SHA256 5486e82ee7399e53f71f327282ee0d5491c40d6b081ff605e6837bfb2f84b5ec
SHA512 613ea46423d813a65456983f776ac2797efd4aa1ea1bb8c0b1319ab2d403b900046fdef18248158df542cb01f3dbad9ecc793250f0dbeab628e1be4ab03f87ee

C:\Config.Msi\e693b9e.rbf

MD5 eeb921c9722099d481c4a68abe17b988
SHA1 b7b08ddd6db8857faeecba013e938c752e837871
SHA256 3972eaa18e95d1085b55b6fdfa5d68432d0b6ba549e5156685f5388eae265e52
SHA512 1448aaa3ecacb72bfc311736b48d307e3dd1df8cd6524db1e7c6297be86f30bef3e6c5484401000180602396ce1ac69ca93310a0b5a9ad6b651fc65e5af43bce

C:\Config.Msi\e693b9d.rbf

MD5 683fc126a13b915b3ff36735ea5ca5fc
SHA1 d1ccfdf78919f51b09fbde02c2cf0f332601bd74
SHA256 b8361411d7b7b0094669b0f74ce8afb488cfad61e2c26f76473db9ddae702929
SHA512 4d88cbe5c42815940595b1c7d466ec84a9e753977fa234591c0b14d2d826423c5bef13aaf93e4f3637a669c56e040da53529dbc31339f18b0587b0c1270c14d9

C:\Config.Msi\e693b9c.rbf

MD5 36c3d79ee04d03d969d128d40750105f
SHA1 dbbb168ceff4b75a2d6626b8308afc8728b597bc
SHA256 b90e5cd4af5a23d620eb6680ed82c2c8c63f06e5642053f01e7bf9a4db7ac5dc
SHA512 19eeafcd5ff13d95ba8063af13d4f3a86d18f846877e15efb6d05ddc8656c0a9524937d8277ce22eac3fd304d8bcdf358d3ca0a7b4c55d463e7f647bf98f35eb

C:\Config.Msi\e693b9b.rbf

MD5 e76a5f60b0ae51e7d514f5488d652841
SHA1 5ea05e124d0b1bd94d6c4a90744d38721515a3f7
SHA256 e42dd63e0b2616f1547f30fffd5155ad11f9070bdc806706fcd388aac6718313
SHA512 239c15429c78b6db7684e409d0059b4b3577975cf454d7476c24a33cc52da3fab71d482acd43ef7de4bbfd3dadec69230e6538c5e7bdbfaadce81ca86c806bd7

C:\Config.Msi\e693b9a.rbf

MD5 15fc53f72d2b4a886511a1eecb4441d6
SHA1 0076e682b8e1e0bbf1d9eb12c30cf6bf5bf51ec9
SHA256 c56be39a1ea5071ac1e321d329e567711b22f63c2141089b1bbb73126b05ac45
SHA512 aa49f62a67baa9a3f3e1fb45a75fb3701340083aa5f4522a3d6e4812ed0adaabe78c3e55915b4f476e8c452ba8461c9195aa57d9765d21e686852d82d1233d26

C:\Config.Msi\e693b99.rbf

MD5 a4d02aae92b63e6d2ea3d2a623a7fb7e
SHA1 2fa81db5e9067784803164b6d54525d22fab4e33
SHA256 b56879a3f5b3eec6256a91392f153c7be4ad6a6fb9464a59502c47af13bface8
SHA512 f9410fd692c9f37586fc5995238740bcda2025f7970660c5e487fae97248b1eb3fcef0bb062b7a34233809f4f19bd12b67ab689a18d3786084cf803ae06a2769

C:\Config.Msi\e693b98.rbf

MD5 32f2ac5f45b93b733cab1865affd588d
SHA1 5062e6d2a8c1e06e19c9f0b29164915286ece618
SHA256 38f422c1c5751cf6796c44fec1c478a2a5379ddb6f3512004f1fcedad3b35cd5
SHA512 8384c6aef7c32ac0f10aad8490d82b1553c3d194dd3f7821bbe2c75eb50a6e5ece195be6c09615f273d3d4935163c15d1c83e7bc4ef45fd1113a9f0641ae0bf1

C:\Config.Msi\e693b97.rbf

MD5 158f96bd130a9f3a1f7e91dc611e8b7d
SHA1 207264f61e8d8cd77c7dd82e7c8c38927bcdef85
SHA256 89885cd48e706c533aeff66d45cfee67561db4708bef31367a546f685f30eb55
SHA512 6ae9e17dddd7ae166fd195d202d73904bf6482d727f0a9d5cc01454d4a58f9da027acc9591dcfacafa039379bf151cb385ca4208ea70baf069516ff98fd31d4a

C:\Config.Msi\e693b96.rbf

MD5 d2d2a9e08ad2df5d73ca0aa0797cd96a
SHA1 f6050bc38d27c805daa078383506b93c5dd854c7
SHA256 1246532e2e335750fcdeb3c801f98eaca1ac6579d1bdcae1c5ca89f8b24fd879
SHA512 197385ac8d349674675fb411cbd246b53b0860f8cbd47b79f6f05ebefda4563e75285cac2bef45ceb12cdfcd4b4d42c47050767608f96eaebc7111dbdbead1de

C:\Config.Msi\e693b95.rbf

MD5 facce237d5cc5e89d8e92a36289f588b
SHA1 5b91fe97781b107df2754a5d38807a597f1d99a2
SHA256 ed9b46fd9f3275639988cb71eccb7c3f31b48282ed78e4abc9ae303cab219bf9
SHA512 f0363e0c7414157dabf929fa9c4b49b74d86a0997481b48d29ec3f0708221d9fc4954f4ba93f4299e9ef0c31d38dd8a691b908cc6557864c1a4baf3f448286f0

C:\Config.Msi\e693b93.rbf

MD5 aa8ef0154efa83de1c2786ab1cb76f37
SHA1 5e4fcdf55c34538dfdda172a985731019f74898f
SHA256 db7364a16090f58ce23aeb0426b005b1d1a965307d7d4de117a553c190ba5d57
SHA512 17d3c193a516bf56ee6a28ef708b01c618d5a159d7c389be6f54579638e3d9c0a9a3add7dc6e19c6f0b63b235c53bbc186d92e77c60ddc297e2df8c612332bbd

C:\Config.Msi\e693b92.rbf

MD5 fca2f9f00de26d0b5af4881836d6337a
SHA1 b11dcad7c00c2c85354b131c796ae34bbbefdb38
SHA256 19e6ec40e9a239b3b208eb3f7874a76e12adbfc8b865f43452296df66a14e501
SHA512 7fae923c2a9c604991b172ac91e7e9e4298c01391940f23a190eb4bd3920c97af2476f1a4730cac350ddbd8956806e98870b46137b1711b224a6174c441af738

C:\Config.Msi\e693bba.rbf

MD5 21438ef4b9ad4fc266b6129a2f60de29
SHA1 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA256 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA512 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

C:\Config.Msi\e693ba6.rbs

MD5 95144555a99289100aef85a060d95100
SHA1 21a66c71ef8338b39d7b79a5f8cbd2437be94433
SHA256 4376d5c0eddbdaccde4919c97f081f0a8d67e7d43eb84d2a407cc33659dd2549
SHA512 d15dec822e110ae6cf492d5d9528b42c79b0ed0cd790eddadd2223191ede3c60045017b5348f7b6779d4585e5a78ebb061ac2e26de00e81575683fdbc180f19f

C:\Config.Msi\e693b91.rbf

MD5 c30dfa5fbf9f2e6d18ceb7108923fdfc
SHA1 523c4b9043cd6d722c01215f64173b9287623d76
SHA256 ec383c0455491bdcab4a1e8692359543d96f82ad73602c171734ae8ce45449e8
SHA512 075b726d3e37d9ba15db1aaca781502aff97b90dc6a80c4e1be20368dd1c9df13160b9d8bce09bfe467b406f7d0b698c6ace6aee5b0bf4149e4508d9ed74cab2

C:\Config.Msi\e693b90.rbf

MD5 93030b5af327ece3ddc3518410e1af59
SHA1 4be27729a906169d2afcf025e10f308fce35056c
SHA256 ea82d8bd8289e5892cad2443c1d586c0a311ddee52a8fda0f75072ef2317b650
SHA512 247e2d5e63e6bb12dd826e452ce7a1e086152a170e7f15c0d7794a1588838c2b6dd4038f07dac42844356795b72b5aa357e01039e419c6c5d90b05ebfd74da4d

C:\Config.Msi\e693b8f.rbf

MD5 218e31b07c6e07633a84f0248730e220
SHA1 47ee36529b741f3d52c487e6dad151f516c2eb5a
SHA256 241e01940f6f128aecc75d21f148468eccc2d368883f0f5a869fb7f58f57e5ec
SHA512 e0481b2a424da192bd9ae9728a89f7c1496e887f198150016ed262b924b1634b414613bb80b969effadb3e34a108992768102f48da7a41ea87b9f2a459a2ddd0

C:\Config.Msi\e693b8e.rbf

MD5 9002a577c07ab2b99979435cd8b67acd
SHA1 5b3c6231c113b726ddd55fd8a8e3ae84b1526820
SHA256 c323b9ebba3aabb01111f281f604ec0555c6030134ca18422ac7f6c73721d9c1
SHA512 f4e066679e9c34cb44cb459ba178fd43ef2e600f94f86ded21af1583f182050178a57271f2a15967c2caa87fb6eea1f5409edcb87b95775245db45af6506bb47

C:\Config.Msi\e693b8d.rbf

MD5 4d4774a30da56119888490cdf3157b09
SHA1 360221725daa9b7a14460fe6939d54b2173fb8d1
SHA256 0ee427eaedbcd82bd07674c9793435443c5b1c0780092909cf791198f0ad85e7
SHA512 eca13baee14a633c3a193df85c28eb797c18063977cea410d6ca41d0aca87379d04e6d2850a032ae5264e536863186e96eb9dc8baf1440517d69e33d4de73130

C:\Config.Msi\e693b8c.rbf

MD5 7a016cec8851a57b2f0376ae6d1fc837
SHA1 f161f9d8d7b073c1f17f55719c37124969bd7d2a
SHA256 19e5e00b55a8b1fc36c33d0d4bd0fba24a03a0959e91f3ab59acb353fed9677b
SHA512 f646fcd298b7a5d7b451219544ede8dc7e09aa3ea6f9a4256d336373d63b475281020ac70e5e08024e2dd8b8c886ff8607ae3139ada650eb8a6293aa0a141456

C:\Config.Msi\e693b8b.rbf

MD5 63a1e9cde10490008ba7ef47a12179d1
SHA1 5299af182b7cf08f95fcb3815149d7c54e73187d
SHA256 9b151503214ef428ece37af31d3d8345f1dc27fd26d17b59c52b718e8fd08bc4
SHA512 dc4074fd0614212d54dad0370bb99d53dbf9078cd3d4981d96f5ecebe36c82df0406cb2c232d07a1928a1ddddef74d832db3e7f479d5d3c1292481143c382efe

C:\Config.Msi\e693b8a.rbf

MD5 bd3e2c28c647533a057b5cdf8bff2c5f
SHA1 d36c80e460c5dde615ab1c268bd89309225ecb82
SHA256 f2742a96cb0a290ab71e316c086db449e6262a4614c70956f69165df8f9a0d3b
SHA512 14aba74084828f9710a1880d8ab55d7c76532d90ef6c9b8b5aa4cf7c67cbae1892b909b35e9239afba181a09f5bb59bf2607862d16330cae09fdcee0248a18cc

C:\Config.Msi\e693b89.rbf

MD5 2a9b706d83be29f32a28f29be397e533
SHA1 31135de80dd7b7c4a27516806fbbb13d871548d9
SHA256 db47a4a99dc0cb5f558891ff552f75053122d04f4e4a2ff6165734cd456a0236
SHA512 cee9cf2576729b34f1352f63d9684695bd491586d31d3b3e81b11f2136b3843d513dbf59280b5aaa63b1cf085f0840040abcdd9d3d72dc15103987b2ad812e64

C:\Config.Msi\e693b88.rbf

MD5 775dac5f81248b14182c82013672c42e
SHA1 cef7bba712b25da04f60f597cb614c7e4b87f24e
SHA256 e95e6d348912c8bec21b006ba6ef77e52fe74287debea2864180c0511e68766f
SHA512 2d99dd61a4ede26a11e6f4c3569732c47911605543e7a72b0298ad25e0a573ba884bdd5719cb8b7cfae43b25f41ccb764c8a233d978346bd49bee1104e7cc97c

C:\Config.Msi\e693b87.rbf

MD5 75e8bc00ad7da1e7628f146dc33cc83a
SHA1 b140b32eeb3cb2223efc7c92346e3c4ecf65eb7e
SHA256 5a35e93da45d610cebbdc4980e7a33b3d094039a49823561c8a3fb87e88f747d
SHA512 b80522f835414b493c97715823902443088bd33c7e54a5fda665d73de7899df5e59c44aafdde33ffc9d71dc7c48036cee050dfdd87a24c29a9fff8ac1253acd3

C:\Config.Msi\e693b86.rbf

MD5 219c69df0c23fdaf84e4c9ea2835a628
SHA1 d3b091bfcaa8506d299cb1d7453fdce7fb27dafe
SHA256 e9cb0016e439bab9d34038b15798cd9261640dec8c577a0035314de5d7892457
SHA512 e209df73a2dccfbc349657925ba9760dc2ea9b52e696f5159bbf3c729e768ebf43a1e6e86a28bf6b023dfc78fd217f03648513479956bfffcd4da04d1cadf8e8

C:\Config.Msi\e693b85.rbf

MD5 e3c8239a97601bb203b9e9037eed89c2
SHA1 75f0e5f417477d4c491e8ad81f498faf761618a1
SHA256 27864727360196540664a55e1808db79f07303949156f843f0520106ebe047db
SHA512 71304187ca95a404d6d175d40be1dcf40d1744c644412e702a25fe7e9745977e3f826d7a9ba1f694c3da4382e8f97fcf41ec8dfdf40240dabee932619e26e7f2

C:\Config.Msi\e693b83.rbf

MD5 03898441f5d9a8809c04fe746fd498b3
SHA1 35cfba8e3600bd0a3389e96dd56ecd8efbf5ffc6
SHA256 8da3b816828229f66334565432f12973529f0d594b685c919b753cf2f692b296
SHA512 dc2c0f6c8d4985770535962ad31e55c13abe248363c12cf55a14bf1fe9dbbb78a2c91eefd9a4711beb53606202b1c2d5648971339c4edb9a61dd271b61416b12

C:\Config.Msi\e693b82.rbf

MD5 5e1a793d9615d4d9e153ee416abc83ad
SHA1 27d231f4d1e2b473f9695daa21b22804db779826
SHA256 8186f5e641a5b0770b635814b5cec2a5dff43158918bc1174edb328194b27090
SHA512 f54e786f2fab5324ce87be1d84ae69f63afa4ff5399e00248451375d2a56b5a0d30c74b27e5fd56b06976ec62688b09dfa39c4a1a02d47c3aa92da21b5e95876

C:\Config.Msi\e693b81.rbf

MD5 535d9d8441e0e22aa3f407c7197f8a0f
SHA1 ec6d047e975c107a7ecdf78bf352a5a68f53392f
SHA256 6e6afa2d6e7c46b9c64406efaf23bfdd3f7fd7a25cb757580f70730f4096ddb5
SHA512 f5e051ef6af191d86797a55dcd114ae920f8a285191f3f09c3493497d381f9ec70921d712c93280b3c8e82fefa77c040cf51e8af3a1e52b040a7fd442d9ee95e

C:\Config.Msi\e693b80.rbf

MD5 c7fc5f01de9577403a1ea8aafad79e72
SHA1 6422fa355184394ace02c0ba88e5b8af3db7fa6c
SHA256 c778577e39211753844d5fcd2267464c043cea271c1477e866d40c9cbdbe49ef
SHA512 b7af7af4aa1dbe92000722bad422af6d54c842af065427e1cf82f61b1a0f82e71f2a2c9b4b12d1642205dc54ca23ecd4ac61c8015076389907914b0cecd04e87

C:\Config.Msi\e693b7f.rbf

MD5 bc9a83d77cae33f9eb9bd538ab65b2a1
SHA1 363fe5bb344cf1843d5f7eb2b0a725ac491ad6d8
SHA256 d0b2520c660959e388b3b24b1ebb7a6eca25dde878b0c0ce798657ae422a9c3c
SHA512 37ac66723c5bb78e45df3ae7175b497353343aec2eb5412213e3c6a1f3558e9cd68479728644643faac97c34ec3f3c43b7d01bb36b1e406613cb46ae4cef1c57

C:\Config.Msi\e693b7d.rbf

MD5 d68368708be2b6dac797743e23dbf655
SHA1 e843b858d72359ecf6fcdfca328ed19a7f23210b
SHA256 dff2dd57e4892ce613b160c935e2d0215d3357edb7791ceaaf880b5995c98361
SHA512 2542ce485c0c630b09be44a4faa841a3ebf2e1b7bd794e0b3fda4e866d97361b014eb3895c70c6b7acee4e29dcfd46b76697a1602666d1febf9cfa62988ea86e

C:\Config.Msi\e693b7e.rbf

MD5 9e877ffed2e2c9a013c59581f88786b5
SHA1 d3bbb3e2c36520ec267463916d3356bf4fcd8037
SHA256 13f36534cf603cd722ac9078e51930cba190395d23d6688b65a8c788262759e5
SHA512 5b4ff6de141bf2dc321dfa05fe8c93f64ca91eae6b41041264736c3c6db9d0520c135103873c5f32a47c742fb51317b3303e7656cd259331113f9b876ad17613

C:\Config.Msi\e693b7c.rbf

MD5 1f50737bb92b1f71b15824a0f113d3f9
SHA1 4d78793ea921986d011a024b91ac59d6c02de6e0
SHA256 f48f267a6e081809bd5ae607aa649529849a6541ca303a5653f6515d865a6b57
SHA512 89e6be6df11dd02896382a7cc9ee41ce74d5bbf845722531ff9a26fd2cb1a016925ea7d4948a4a652c079dafd084538b9b74c4a5dc0bfdd3cb2f0293796481f4

C:\Config.Msi\e693b7b.rbf

MD5 cad14a2ced4a556139097c1f716eae70
SHA1 9552115b645c17165bacc2231725b3f8073105a3
SHA256 35cd20b4567788e3229be61becd6ea1eb115a2b81bfacf3d65d81d0003ecb96a
SHA512 df629a07c217880f174d52772090d49a5e88b73c0df45fccb714cd6ac4c01612e0aa755a1a0b9ba6c2a7a6701e6e94653e71a54c97a1076b7a5bde99d7f0c331

C:\Config.Msi\e693b7a.rbf

MD5 6742f826c21773c933fc2a68ceecb99b
SHA1 dc689d3fb31e7cab6a33cd2192d6114542173514
SHA256 a203989e4399f9443a8848486292dcf04d7c7180dc7d1b4af07030cb0532e036
SHA512 4138836bf9561104facb88c175d9a1d29863110b7e0108149cc0ff32edddbd30ee1b0ba4b7ee8137ffe36c973aa2901f7c23a3dafc79a26b09a64a8b95b6db9a

C:\Config.Msi\e693b79.rbf

MD5 1c8e5ef9f86430fbda800e45c0a89aa5
SHA1 4e18ee249a208dbf7d7b52d412fa0d402fd3ff2a
SHA256 6e18c01cb3fd1b795c062a00d2921e8e0eee8efd89fa77d50c5e16f2b7ce74b6
SHA512 721f29dfd9beed272cbe213eadaba62aa1e1979828b23a226cb05eec536ac495eb33a01da05de82a23113a6d0ad4012032f453339499db3816abfecdecf19b66

C:\Config.Msi\e693b78.rbf

MD5 a3ae8e892e025e479978fb07fb449784
SHA1 71a1641ffb0da859af5e355c5bf4a9bcf1746e74
SHA256 a991c7d6fd80ce581f8bbeb7268032f06c9434cfa67298b0669c84d38be6535b
SHA512 e39d58dc26f8710006fefb51cfe1adb34c8886b6b281a8ea3d87a89c116e255d39c028cc42fce05a8ed61dc0a7c602e344e6c0957bc4156f9a76677687591a54

C:\Config.Msi\e693b76.rbf

MD5 6083b2909a6c1ab52ce84da1b435e7cf
SHA1 e851ccddf1fcb0c2fd9cfb4a357f72633452f240
SHA256 0ef563502d57298ab0962de24692931a32327fc1338cbd80b6b0b2cab067c956
SHA512 53b8aad68d574e57f88fb3663b41455859b2c84ddbd152aa1f0973df15ad1ea1e72b57b54a0984ff8e4abbd1e4606833fb2e132d1d49d428f2e0ea4e7c4568f1

C:\Config.Msi\e693b75.rbf

MD5 86a1d818b679edbe94ab51b963ba79a1
SHA1 2b9ee6b54aa2f709442e7e514335e2548c933318
SHA256 b36b011818770bafe044bd83826f38eb81093f529872a0b83e341f6863b3cfaa
SHA512 ee1ee27bc740b4e4e29a11f4a428b5ccf7ef545444db972b64a8f4b7884462b8c589b5911d7d33e3f2a7b0d97dcea0b5d610a99a00b04d8b3099e695f9acf5b9

C:\Config.Msi\e693b74.rbf

MD5 da7787ae5278031ef79441d29599dcff
SHA1 4e2a4c70035808dd8bffaeb6ded8fe2980566e0f
SHA256 06afbd06123031d3198a25ed0cbb7cfb08c1184cb58ecd7d12f42c235ebb5b39
SHA512 2c1ac894e778aea4515be33b9e894f89a527a5106734a8ea6d6693557aff8417a7f7b340834dd1d207e85e250e718c1d0365332e77ffece2f9e1e81b0082bd7e

C:\Config.Msi\e693b73.rbf

MD5 7173d17aa9ff4cda07fbfff21a584a67
SHA1 37b04626e282aa6ae2a2dc96117dfc5b0b1f25cc
SHA256 972595aefda400197282647fa6d6e40b58ac15591443213682a87d1ac80cb867
SHA512 b583058ce0a7bac48042d63142342a430701f96bb8c8c0f00e2bdb168cf431e2f98a58bcb889623f6e6775195a9d4bae8f37686a48a2cd0034e426d6089a4167

C:\Config.Msi\e693b72.rbf

MD5 91ceea551937cb5da627f33ef7995ee8
SHA1 4e7483605c4027381e4796345f0a0e6aa9342a5b
SHA256 4256104f1e0eb69836f00b38813ae62f79abed1724e0b07f8aca908e7bb74806
SHA512 2d720c8a331278707913fc064d7a0c2727ef13b3f8cd46aa4e4a2936aab2b1228d78c1662856739964a87a33c312be2d3f65170f38d65545f3a3184c0ad635f9

C:\Config.Msi\e693b71.rbf

MD5 bc959a160882b0de0583047b1b5b93a6
SHA1 78bda837a0fcc25623b54e95f3eff76c3bd79332
SHA256 b9ffa79403a9c57e5a36d6632bf8ebf8da0f6256c0b71fe4dba50390df17702e
SHA512 7cd370afe9903daf36543a2d57ffc869f2ab324fc4ef363119d4923eb3b6079485d6f1a0304b94b928aace18900d034d74ffa0d1cf8382301f6e22f4daf4f0cd

C:\Config.Msi\e693b70.rbf

MD5 3fd311d5a5cab694d93c6de5ab39adc6
SHA1 2950e2cecaa45f46dcc443037c7a4db550533578
SHA256 4e5cd2074b70b073ff9010a22f6e469fc08c93f63e14c85de93377c2d0e97fe3
SHA512 fd884db714d134994c1ef742ee85d5002b07e29b8bf1db2120a4139198f162ad67b093be3f232eeff3e05976ad243ef691af69db86ebcc8e2d6f0400245c6a35

C:\Config.Msi\e693b6f.rbf

MD5 f1e8d3b056eb17b33d6d23b5dd20eb56
SHA1 7556e1bf214dca70ffec24768f3c549ab4ab1886
SHA256 e709b2b5901d6987b46febd4f3d5ba50b94e4ae4e0a6bde09ec981509b72000c
SHA512 914b340a8c175dfed4cdb99bf071e14ab787481517009ad92680725368dd7b7667dfe2ffcfbaa871b2a9edad6b8566828133dccbd0a0c7fb90cbabe4f812da87

C:\Config.Msi\e693b6e.rbf

MD5 90891a2ac9ef19d26ddfae3dcb69fadc
SHA1 14af0ba5b5b4ed5dd82685c7e50a544a5c5e7a98
SHA256 dde3ccb81cfcc3eb4cc65752fe14bf0c7ffc6814d55f7c9bca4d9ae638b30f6d
SHA512 4f97ab143a719bd614a63a3b34bb6ab6931eedf310e2e077c361fd63d2d579e126a3a419256834b021d86250114ecf4c0ef120c9fb267be9aea004b252c17a49

C:\Config.Msi\e693b6d.rbf

MD5 9f8ecff52bd15cff2deeb91bd325e101
SHA1 c82a0eddc66f95f0bfe1fc984671837cf0b07a65
SHA256 aca44b663633d4785d4fca1ed45d2c1d58c994fd927374569b8b5bfcd7079170
SHA512 cf52103d480a589e88c909239dacf5add2467adf6f4ad52d89af16ffb9a5cb32d7e771fe005694d37189ab2ecac08cad9ca7cbcc7d971f17d384a959705f168c

C:\Config.Msi\e693b6c.rbf

MD5 a06591a7b689e5fe00f6755a180af130
SHA1 a581485fe2c6d9acf795e80c7d6b0f3a0e721584
SHA256 6555b4dd2c4e4164c8e00c06f6108a9c1dcdf141a5ca54bbe5675e08750f63b4
SHA512 bc0195276fa8c7937c7c39d567a7f41cc4ef92521836515c11ef5b422d68aa791b96fed829900e998435eb5b719c3a21e58c94534ec1fe4d637e39d43407e4ff

C:\Config.Msi\e693b6b.rbf

MD5 070f18d93af687edf010efa343dcc983
SHA1 16858f9fd0d8ed788ec49460ca2b596c193d2af1
SHA256 89547b37ec7e20f96e1f1b9aeabbe86cac8a0372bf1520fbc2272eed16f8b4a0
SHA512 e7b9ca446b5ebf397e7c220e8a0f639ce20fb35a11010b641f6727ec1c9119093790d4f5521ebb28e8f6de4ed5c4c4f58a27355fb5d012ec949f0de3df5586de

C:\Config.Msi\e693b6a.rbf

MD5 be6f4fd7365dfa124d60114095380602
SHA1 66a41958ead9151d7e61d690f12006ca8a40df89
SHA256 66d6f247e3cae875c3c86dd16ea1aa3512663b8aa8626984007bf5343326bbaa
SHA512 e9f7d819714c905577a2603aa30cc72b87b7a66561c7cc6029dedf48de78fc3db580069602dedbc6b18496217da6b94bbe0c2734ba2dfa5f8b57b7fc6cbdb781

C:\Config.Msi\e693b69.rbf

MD5 8b1132f4e0387a233497141cf30b1edf
SHA1 2afb866bc5093b1281b2ad0fc4a29bc2cab035d5
SHA256 51063c0b520a9ab73aa3a0674c593c3c3de26fa9709175be085d2d8c456ab54f
SHA512 f528da8cd45823fadecf870a348f605e8fa199c6bb139c7930392cf638289c794ea15746cb0f4b9d918a1fcfae7c6578261e7c20fced854e9afa20974e252490

C:\Config.Msi\e693b68.rbf

MD5 a5c7d3197e0ac097600d2901ed4f6e77
SHA1 a459c50978c7e377f1130d7779f4a2fa41d0033c
SHA256 8d0b449684a977a3d81b8fad0663a20555504e8609c987e84364a6e232b51356
SHA512 f9d662be82e96ff035c7aa938a9de7f47162bd4564575eed4aaa42ed4ef49ced0fa4a9b6b2b789b5655c3ac6787f7b3c8439d82962d9668c1d31e62a54a804bc

C:\Config.Msi\e693b67.rbf

MD5 aef35350473c3e263b6d8d4a76616b7d
SHA1 265bf8cadf460109a3a2d0d8e23b7b1eb18d7660
SHA256 fe61442089ed613075613d0db818e9f1c87907dd5c76dbfa67e93abf7f24e135
SHA512 b4f966b9c921364283a6dc42d8b44ec10e8d032089dc157c23ecfda55fbb16f86b9c02cbb22fa0eee51dc784ed83876c9b29ee9cb1cbe823e3b99bf08e46cd76

C:\Config.Msi\e693b66.rbf

MD5 8a138a7c5f6826e2adec47162589bdc7
SHA1 8ba9043cc728827655406126e46950e6a6bf35a1
SHA256 9d4041b781a2fe7e677cbbb210497abce1c6e566047fe4592d6b2bd182768c43
SHA512 beb99a0c999a2e2b3bee93c32246826608d74c95b4aa1e5993228dc5af9e1a775035f52bacbd488d7589f9821fe17df2652f94bc5b66297963fc3f6062b8e0fe

C:\Config.Msi\e693b65.rbf

MD5 e9e2502356902589e8b0b86314294f30
SHA1 44a972c0ccbd52ac6e21f2c0cc1dc81907b5e7dd
SHA256 c1fb9faa66ac74fd4094538d83afa96c8c3a5bf7f30ec302b7ed1ad1f4d99b25
SHA512 7e51bd97735028dd90e855d8e661e2aa8c9e859e2b4c02475d65ba67eab8cd99ce207795e9a6eb4b146483852bd90255feaabc7b50534a7efc43bbfdfdcc2849

C:\Config.Msi\e693b64.rbf

MD5 967be7e7a5e3cfc4902a4dcd26eda18a
SHA1 f0b364113ccd380a256a3f6217b8795300d0fe30
SHA256 071549c2a67ba11cb90362c3a60b904e339c66d33add4e0fdaf348f17365695a
SHA512 db437ef46aae9b0f45bd21958397c163f2c55c85bda25215af041023c63531ae3e0b62fec62ba76b70c6a297b928fb7c8a79ce82463ade93d22a6501b756ccda

C:\Config.Msi\e693b62.rbf

MD5 acfd9dff068c374658366e397a5695d4
SHA1 bbd33c62b022d3592e0c2a67144070ff4e2709a8
SHA256 a4d8b8a525271bfa836744b7705f0993ab454d9a153f81b3502cc62d9284dbfc
SHA512 b2ca941ee0d18bec576ba84e09403cd8dce41b9017134581f1a2e2babe25dff99e9f172a6e9764ca6c58d5ac679405883640e2b7bd108cc0308336098d9099ae

C:\Config.Msi\e693b61.rbf

MD5 9184814c35561939e4b0ad91788441f1
SHA1 a5281447d62fb3acb7915e757c68b6c29ae69adb
SHA256 788f42981bf0bf25f0899d9e3c19a0d6edea44f9c1f9eb616160de99b82e8d27
SHA512 cdd744fa29b63922cb112d645badfe59176bed7a5c2ec12e3e8d095ca2401588565f356aea4a1f40157434fd8d20edbcfc92febc4fc33e4a13a20abcd38ed199

C:\Config.Msi\e693b5f.rbf

MD5 97cf058f86fa06f7e5893211dca28a42
SHA1 17bc3e8fdc48c24ca60d7b1ca10acdbfbd8b5e9f
SHA256 742530e55d505236eae91ac26a923b2efa8b454fc0b449ba43f1d6a28ac5b52e
SHA512 84df980720e846a8a3651d62f2639108818d18db139c6e0b41acb0ef4642312e11689bb6971ef778c1638d8d53430571eb8d560061e6e8c0cc13c1f40b35fcbb

C:\Config.Msi\e693b5e.rbf

MD5 af6ae18e360ffca6c0ceaeeebbf6d8d4
SHA1 0b4ee1121e9070e95147f6c1664f23a9c772ac7a
SHA256 9ae57781418fef37b51dcbeabd4e26dd82a35c3aa2c15917cb98656889d3c7f3
SHA512 eee57abce64bd9b1514a5a3a074948547725e78aba19e085b53d9e8156613a1ee30e60fef77429844ec4abd22ef02c45fe9f31aebff0eb7925e0a62e2b4efad0

C:\Config.Msi\e693b5d.rbf

MD5 a9762e02d260a34b79fdea198f3e82d6
SHA1 5023fc4a74ce1eb15893cf0f724e658c9c5236eb
SHA256 15cb74f02499b76c42faf72e6364392bfa997d0b2668016bec69dbd7d0571578
SHA512 61aba378b6a2533b9f67b4f46a2873fb08be4fe55c0de18785cd1720f4041aaf003ab0310a1d7415d8153508789ceaa82fd1b0731827f75aab41c5962c905502

C:\Config.Msi\e693b5c.rbf

MD5 2cf01239384af6de8b712278d7598e90
SHA1 613cb264d8628008809878154f6eb17f35031c04
SHA256 51a234186dd5e1087a7ecb79bb8538767bd4bf46c645e1a6e83f972de726e95e
SHA512 0e2dc0cf2d2925895af2e5fb918f0c171bcabc6dfb8c094dd63ff7df535f776ff2c3ab89038ca5bbff0f4c02d8474055adfe3609c70d97870c46504f7bb871e6

C:\Config.Msi\e693b5b.rbf

MD5 15caac1ec79f05d8aa62aaeec6903e8d
SHA1 1990604b5491cc83a73f592d1e70b41be5a2d998
SHA256 e485f4d3468410e989c147c9abeef742c57650a794e0ff18c2902eb976d25cc2
SHA512 d418191828c8fca0a4d092d2101191fa5afdeff417cc4c9f1ba02795e3e4981a3ea3b0478c6abc00e284f95c5529a686411b90870569bfcbca15fba61372d402

C:\Config.Msi\e693b5a.rbf

MD5 0da2f7810a668012c630db3fa8230499
SHA1 9ca963ea4e3544609741308d71863bc86a0c0ceb
SHA256 4d997a3892a9fcee4bedb3f47b91f068d6ac823c5ee5f00d1887634e438f41c0
SHA512 57e214fa9ea204094bed5086d6542a32774b3f234edd93d6f9eb364cb7a0825b2056bf2a299c65f8395545fe7f5e21869525575dbfa3c0b35c796f8de6c543ee

C:\Config.Msi\e693b59.rbf

MD5 df0c6bb7965a3dfce5f0f158e9d5251f
SHA1 5250b2c7d557a71dc9fb0823fdc0cc94f0a81e35
SHA256 883e42e3319fa4c059623e4d5a937215ad2f2cb123e88aaec27955f258627c4f
SHA512 8b5f7cfb9d3d857b2396706cbcda445b9131abf79e84296ecbbffff0dc1588b19399b506e4e3110ac4782f60ddee081cd5243e598e0871738803512358efee04

C:\Config.Msi\e693b57.rbf

MD5 4667b1d3fe384b97a94deb1553af2174
SHA1 e14902922748fffc1f65cb299b52c114887b761c
SHA256 705b42f6a55a4cecd347ba954089148572ba9fa033e5a08dba176b652488457d
SHA512 3f2db08d7fbf8f6042f7ff1001f20df3879402a25e7d3b8bb7270ad3be7216ac07a8ded7cd62568d6292bcf3828286105e1d9b87f21dc3e1764d0bc20985a8bb

C:\Config.Msi\e693b56.rbf

MD5 5062f0598bc909a99bd21ff77d3421eb
SHA1 4917cf83d7e3ebac3fbf3e405c4dd633430cb98f
SHA256 e2e634f5552e5214c79cdc2a33672f2cefda7c73fb6d9c7b87916130a969c4b8
SHA512 ed1d812cdf867b963d0a9bebdb6d63698bb107409920ccdb770e197815f5d72b35cc8c1e3602d4b5c63adf06c0d9e125c5a5ad6eff2da22df373b06c7c88be2a

C:\Config.Msi\e693b55.rbf

MD5 da8a2cab1ddbd3fa6cfa43c0bff54348
SHA1 45268d28d4e628781f65f08612394ff7e0d38720
SHA256 a19e7736666470a6eda6d00473cba753deb0e8fb40d3311daf3c50676040e200
SHA512 18be388c509985137e34d4ccac72e60dd726f9c64b76e25988b7c91b3a306f1d15b21546face19ca087db02b0949306a554a889e3832a39c83f5f3686dbb5b10

C:\Config.Msi\e693b54.rbf

MD5 de2943783e864e16eb161a507dedcd3c
SHA1 577774c71730c72d22a80e5d049073fc23f8023a
SHA256 6aa7490ae4134caf546322c9aafdf062082536e1b4c8ed063c8bb5f93cab8afe
SHA512 00abc7a380a864e808e2b0de3dfa5555b0bc691b0d8153bcf24935495b21722be21f9143edc67c7a0fe69f9e3d1e6ebb3fedd633efe439e6b58c1b5594c051ec

C:\Config.Msi\e693b53.rbf

MD5 91d3ae6b71705330e73ca4159817ff4e
SHA1 a941037aa373a426e73dfb853526f150ce4457b0
SHA256 4d16c2bc77cc45c596dabbccf24e51b8d6b47c6582d540993856337d9c7dd6ea
SHA512 8866140622e9241bbc2a5f7f26f659b7d2dcae7890c6ad357f76afeb5b96e6b30914b2b223906cd1f2b29eea27e885e33774782cd2c3b688aa1da72ee61a56f5

C:\Config.Msi\e693b51.rbf

MD5 e8013aaa8fea097b88d7021039154ed9
SHA1 4866c788df4739c011e62f3634989e8959832730
SHA256 a3334e83a418db4f304a621c2a498db48c0f8fe21f21282cc61e5ee9b80c1370
SHA512 8614a03a87b2c06d1d2e577def16deea927e010d0f269f37613b9b737edf72350a5457b22a82d96ffd6d02747bf70116be301f891a0b103214ea3a8263cce32d

C:\Config.Msi\e693b4f.rbf

MD5 6d525c5be39dd69154fb0cf297fa9c1b
SHA1 48b89a8803b7020d7a0bc5dd760c261b2dbb87bf
SHA256 82a7761c6042176cf97947da1e910ce8a320fa7a17dadee2a115ac5f34cdc744
SHA512 0a0416c8a7f967ea869ffe2fe77535cdfc9211d78fbff89e58cac0a4cbc38ba182fb3e88f4de3d38c010f6222ba52f8f10e3f58b4d13e5c7438f9a81a8f871ef

C:\Config.Msi\e693b4e.rbf

MD5 2408534b8cefaf5362700e8afedf070d
SHA1 f197be5f143eae025a5c40837b8432e89b8752a3
SHA256 e89e45dabc6a2422cd5f523d554d6314cf9ecec2238e26c6d8f63f040ed9b6c2
SHA512 94b78d6d0b597fe9b69d438f4ac3d0855ccc9c684a28070bb9e2cc44d171b5047b8c3da03406a05405c74ab56081dffbfe84478064b0b0884bfb6e415c3159fb

C:\Config.Msi\e693b4c.rbf

MD5 ec5a78ba8d91e89c0d9b3683d0cfd5d8
SHA1 0db33de0721fda2e302c39b98f3987ddb9267850
SHA256 b3d09766f50b21e4b825d1ec7908cadc7fd74625b4757dc7952344797c72ac07
SHA512 c8ed1321211aa260ad8fa7314cc4036a743c0bc1ac06defc9d061edd4c3032f1e42c6cb06f2fa8836e66a0a4816a921961a5379b0e20ced8fd4f398085b125d9

C:\Config.Msi\e693b4b.rbf

MD5 224d8b3ed1cc4f5b32e295612f1c263d
SHA1 d84f00249e43dcf21d4e68c1b2b21efed5f3c267
SHA256 20e49d3119901517f055950021e922971cc65578c4ea2898593e29becafd2676
SHA512 87f9a1d17331e85a3df58fcd92e65a60f7b1a74eeac6c6707aea56fe7dde578f1b09798dc3f7a7c0a4b65696524793d7121b19d27902ecfc215a3233128dccd2

C:\Config.Msi\e693b49.rbf

MD5 574d91266ee9fa03432cf50da30dd232
SHA1 b5c48a695fc376c174a79954a6d49280178eb4ae
SHA256 6f262bba82eed8a8d69fac44e491b99cca2d4cd448166291ce2186833e730a85
SHA512 f052ec088a703e50c893decd7f88c0af2b36251dfc70b08e513d55964d1be299f0d772d52e71bf0aeb9abb752eda156767b8be321320e1c60f78af285b33aeaa

C:\Config.Msi\e693b47.rbf

MD5 c1e58c73d935540d0673dffb303aca5b
SHA1 2a95a12c512a2aaf29587db1ec4271cb92846bed
SHA256 3d004ae76cdc99ece59a0dfb980182a727635459eefb4590d8e2c80ac3115b44
SHA512 471b7f432369940d1854dfe50a71e06df25550704efc4f83c60815bc017dc19f875e2ee3733a9750de4e79c6413db59e762df42777b945d0bc045893604b23c3

C:\Config.Msi\e693b46.rbf

MD5 d2bc82e2f203cc4778ff312475a1d37a
SHA1 2da7e8f3e8e4189acf5624bead6b7b983af17e5e
SHA256 e34e79770b6a3a4ad1583c9a90ac12aa4348ad134366c0b0436f00162fa41734
SHA512 976b018f717e45136be48ee8b4ba2593f88e5ca3c6d14602621d2a394d13bbbd6e707ee3a611442caadc3f5f1ac1a8de87b0407da8178a74d25404cee3d9657b

C:\Config.Msi\e693b45.rbf

MD5 524014d39a54d3908de59807c09cae3b
SHA1 cc166f76626f94cdbabd8095286a82a474af9f8e
SHA256 f259988c45f54338d57175fcf4fb9f895d484a4eb0c4b861a3abe885c263be66
SHA512 02bdff78beab753a58f46579e61ad4d2953475edb53b57f75ed4828ff04d9641f114357f11059ae28d82c1d28f7433a4eea7b7cc01c1fcf85bb5dc6d58261182

C:\Config.Msi\e693b43.rbf

MD5 5f0934c524364c1e1a77db8ccb832c5e
SHA1 848eec26bf024a7c350bdb02d0e92116a4882b76
SHA256 82589b2d5ecae5ddcda39076a33180b6cddb7f54a0cffd4329087eb1f507bed6
SHA512 1ac672272b16a6bfd3977886fb773a21d8606a873478ff036a462728d18b59e9c68a08606e1f869b7e6606416b74c90c72ff9be33036371282564b0d3723a222

C:\Config.Msi\e693b42.rbf

MD5 f8d11c60b70acd2ec9154ee676f615ba
SHA1 a869fc75f44438d9207511dc73bae976f558ba6e
SHA256 b342088c8a4403092703bf40062041265e12edd204aff4f6532226478a65cbb2
SHA512 c4c324e22ff7570c6d9a6fcd5ea3bfc4917a404110b3e202be847355c57c189096feb5c37c0a36c541f4a9d9e80bb1f1bc5db3f4146e515ba34468c5547ba907

C:\Config.Msi\e693b41.rbf

MD5 e1eeb7e26ab04075eecc7275239b20b3
SHA1 ba62b37d4233b88948fdc2ffed08f3c82e8627f1
SHA256 d6cdf961c6d2712fe1958815e51a30960d79fff1e97788b7741627dba972e8f7
SHA512 dd64909c983794c8ac6c33b74711a89b3b33e4429bb5a3a2a2b4e38f5d74902b1589a97014a35fbaf97b469fa57a11314c02d68e1db0934de5244308699fc262

C:\Config.Msi\e693b40.rbf

MD5 7ecb661f50f34a941a44dac7241f7d08
SHA1 772b0df3ad4a89a078cd4ff8e5f45115778d04a2
SHA256 e2386b60a73fa7c95a8968161fb1c84dd9143462b2880133778a3027f75730f2
SHA512 aa007a71da51b145a7fc702a0cd8930d43e03a884c331afb48de01e82e06c20d2a5325aaa893d03a25e5b670e9e0a03f002b55d9620202b6b48045e4a79b577b

C:\Config.Msi\e693b3f.rbf

MD5 aaa2e20588e154a10747bf1b31b55125
SHA1 03cf9f79b9cacda13aeb644a88180222240b6f0c
SHA256 fd12cbad7d1155b311d97dd5da05869200c50e7698ce997cb96004f18018ad2e
SHA512 29df908a09bfd551c50a3c64074c88814065b5b4cdc0d8a1fda5b1d01cb1f1597f2b71b343b59b9fe99ec7123fe48f9a83f93c0880275c19969523a8bd56dcaa

C:\Config.Msi\e693b3e.rbf

MD5 5440ee9cd44616d60cde57ebdb286e95
SHA1 bb7635d6911311b2f3a637a2e9d8446fd0698678
SHA256 e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3
SHA512 4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0

C:\Config.Msi\e693b3d.rbf

MD5 d80746b2f94a3a28e380735d4b8a9ea3
SHA1 adf85a8d951e2ef30100f88bd072d333839462ad
SHA256 45bdf89c40a35f2bb5e8a49a8fe3b67a9984adb4f65bc40ebf4e320c50194218
SHA512 cfc016d2f98385f407d660e276e31891939792d7de667dc8fe0faff37e38fa7f02b55526084682c75d474757c2dd790b714ac2fe1300f39f54fea61b4b3780d1

C:\Config.Msi\e693b3b.rbf

MD5 5fe646e5f52a6183027c87160b922e2b
SHA1 53123095d2ff679db51a55961e7efa6f3c2cd09f
SHA256 ff729c37c44b93705b3d7f3e07a35e1debb5deb6be7a00c0a82546d0fb88c0e0
SHA512 a8e7b4f06fd7a2f46d75ba2a43e924aec6d6e270a0ab7b6a3f6cb259d33f7ac78b00ecc6d6b39e8f0433dd35894972790c43d81c7177bfd72decff8a4a768ea7

C:\Config.Msi\e693b39.rbf

MD5 f35d405459f10fd3d1f52f6dd64252ca
SHA1 5f3bf4ab1c25ec54e79afe7f92390a624ae5cf14
SHA256 384f7c7d81020a72029972324ec6d8b84dbb3f342418c15e0833db02174416c7
SHA512 2bf358ed9e7c09f49280bffb7e200d93ecd3de99d0a842bdbb468b808383aa16f444ad8888f030d1bad5e00fd49c7c3d01a72a256c96aadcab04dba59fbe0a7e

C:\Config.Msi\e693b38.rbf

MD5 2317370717a6bf28b9af805dc45ae5c4
SHA1 ae6876ee8672be7ef18ea64af2293e0d4bf8703a
SHA256 01cd704e1fb542c10b368985c57204b1f78f1d61b07ae6cb193b47aab12cf663
SHA512 5257384b0e7d49852786f81b03d5cbf4026705c1ddf0c533faac970d92cc9e7b9f3a954bde5eefda6c883bbaeb7feda50292245fed9fd1e5914a404d66357ec4

C:\Config.Msi\e693b37.rbf

MD5 dcc6434e76ccc91fa6c35df0d0d6f5ce
SHA1 ed1d50016a7db340208145d988a82ce7c126cc94
SHA256 45526926c328fd96d9be162238b22694fc496d7a946c0e5a085b83257e7e25e8
SHA512 90e08c83dfc95cac80150ebda86085ed2dc86fbc1b2f1112de15638f548e2eb4fc954e3ecc17d828a1a6ed549acde8a1f8ded666865d46ef30eb026127c8b102

C:\Config.Msi\e693b36.rbf

MD5 b4c6016286bdce7c51c3634999f2ea5e
SHA1 c446378afc6b12c372bf4dbf33efa61e9f7fbbda
SHA256 a8f8ab6c63c8d4471d158010f18cb24d4d2ccea495a160cdcef95a96183ffc6a
SHA512 a121b4df2348ef53413b82c69a66ad3654aaec7d40011dfa4968f9a6b9a5e1252089f39f4961f2305a678c227abc14bac88a3674ab960fc52f71f7c3776c928d

C:\Config.Msi\e693b35.rbf

MD5 1c213c5e8828353641cef6d74ee6838d
SHA1 6e16eb31f642327afbed7b8d4ca56e791b799cca
SHA256 a1cbfc3eca8b075ce204c629bf0cf36b0add593c8a28040018319e5e2533ffdd
SHA512 7b7a222c49a95cea34d8ea005302295572a9955a396bfb51e929a83fd351a67c55c4b8c1647eeb0d4d7bf5e9b0c9502d7f4f4e75970e5b004bb72b4c5c2abf43

C:\Config.Msi\e693b33.rbf

MD5 642d05fef3999b47e67a3b979395d87d
SHA1 0806dda798421528f8e61e81ac4aadd20cc101e7
SHA256 53bb64373a30ee2b7b2d2fca25f1d0047fee7d932f351d902041b3d5fad6016b
SHA512 7f362c47552e0e31c1361f5cd81c94a7e3b1755b4c336b36275a4f42b77ddc775ad5c46e5aed5659f10beef92f228d52882b1fc421bba093373df82f110e2b2e

C:\Config.Msi\e693b32.rbf

MD5 57626036538c8abbf5bc761c8ecbb274
SHA1 f3dc829a302cd7e268b566eff47b9c5b3badc33c
SHA256 aeb0afc185056f716552564e277ef8a6740a4e7f1600032153eebffae18b3ed2
SHA512 2d508dc1d441187d18502f3d470a27cc8a34af5b16a97db713a2c34801ad65eaf4e15e7b13fb216c11ef4ce505e438e4dd49c326e8217341735ecfbedbdcd330

C:\Windows\Installer\MSI1CA.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

C:\Windows\Installer\MSIB10.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Windows\Installer\MSI118C.tmp

MD5 0e91605ee2395145d077adb643609085
SHA1 303263aa6889013ce889bd4ea0324acdf35f29f2
SHA256 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b
SHA512 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be

C:\Config.Msi\e693bbe.rbf

MD5 488e3d7999fb2ddc7c05b61ff574c172
SHA1 1d04628c646c316a15f89580da2da9278f43e4fe
SHA256 099799df3cd0fe88f987ac50784d96c6a257154811c1e864f0ff1147de705a7f
SHA512 6e967f12e8f75ad822149c6720a8c6e96ca5344c23be16f818cea14de037bdf22fb1a25950b092958189f46e5fd5879037b41924d2bf037170333a4309c10e1a

C:\Config.Msi\e693bbd.rbs

MD5 3439605d649ca19685e89c5b64db9f3a
SHA1 21c8bb1ca1f25c554aa14c8e130015a6b44c8975
SHA256 1d6623f479d1c7d5e27eee07496c7e7029ce54595bd5397c48efc7dde3a992a4
SHA512 0c88de76421b1586f6925f46a6ef3a63e30359492a20c3a6c79c2159bc8c951e13eb21103a4acc02459f78061de06ebeebebfb65d4b387d0fd0ef016148cb7e9

C:\Users\Admin\AppData\Local\Temp\nsf9DAC.tmp\ServicesHelper.dll

MD5 b9e8c2212ac8dae4b0eaf97c048529fa
SHA1 331d172323480b0518abdb0cc9e256dc7f46c357
SHA256 d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f
SHA512 d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96

C:\Users\Admin\AppData\Local\Temp\nsf9DAC.tmp\CityHash.dll

MD5 2021acc65fa998daa98131e20c4605be
SHA1 2e8407cfe3b1a9d839ea391cfc423e8df8d8a390
SHA256 c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14
SHA512 cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 8f8c5a9574c9e09bc3c7eaf67bc7d3ae
SHA1 6e6f04b89d4e617458cd0c8fbd9666a3f7c12c64
SHA256 3fd27573ee2764c2480c5a9f6d08cef2303195bbba23bf59fd26eb27fbe29b55
SHA512 eaf56dc5fee394633268bf30afa16e47f1d218f10c416eba9c71ebfe9d1dd51ee32bee8037e75e95d8af8faaa709fe1305c3db1d7677a7ee7dde722a33aa2880

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\ioSpecial.ini

MD5 844f362770594d94587ec5d14ceebba9
SHA1 00be2b97fa61c93e322c1d45623b3a46867f419c
SHA256 d49e968939f5aa4b00e5290e949e792bda79c341cfdc206075121dc8230aa998
SHA512 2039ce5550fd7e2ee7bd92f82b2e533990a5dd9836075ff909ce0f302c8fb16276fd798553118ccc8b2ada1457d95584194e904bee0d692805fadfc8c3a8730f

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\InstallOptions.dll

MD5 fd249bc508706f04a18e0bc0afddec82
SHA1 b94efda9f41c89fc6120ed385867125d03f28bea
SHA256 c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad
SHA512 c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\modern-wizard.bmp

MD5 b7eb985cf8f07001e4735600ff03b845
SHA1 0707b20dcae7e606721650c52d2ffdce07d6b31f
SHA256 d556a832fce332cae9b0d044bbd7b6f63463e8f82c7a54065072d32c724b8a0d
SHA512 29293ff35d2c2256d0edb33757f82dec5efcf3187b0989a5e8acfb4417503616e0d630b881ea177e046445859a9d4f7e915f339e708428e0efdcf265aaf13357

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\BitsUtils.dll

MD5 8dd17c172a24ebf9601308b949a9ea22
SHA1 507e586c9f69ddc7e58442631efc44f3fe58089c
SHA256 ab77c0a6c79e76ab0f509d655273b2ee5c682c702217f4f884bbab3d2fdfc4c0
SHA512 7de5a35771ac8ead2e3096de29bdedd8e94696d35dc304388c1cff2a14bb264e389a576dae21aaf9cbac79de6c99606b61f1dc5f0ba35fd261b2f5553d389e59

C:\Users\Admin\AppData\Local\Temp\nsf9DAC.tmp\System.dll

MD5 b361682fa5e6a1906e754cfa08aa8d90
SHA1 c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256 b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA512 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

C:\Users\Admin\AppData\Local\Temp\nsf9DAC.tmp\UAC.dll

MD5 d23b256e9c12fe37d984bae5017c5f8c
SHA1 fd698b58a563816b2260bbc50d7f864b33523121
SHA256 ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c
SHA512 13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

C:\Games\Malinovka\game\data\maps\arzamas\arzamas_n.ipl

MD5 5893010bd602e42410c4169911951a34
SHA1 09f9716b7346b9f9d607395bf0b42d8792c4067f
SHA256 a0ed203e27986d3559de92dd593f14227555a06ee6fb0b36658c32c86f823976
SHA512 771631a84e1bc73b81d9ebb83c0fac0584614d5f5790714d14c86c2baba5e5579835ac02f1f9b7a5b7219eb2b2aee54326724fa90c1ec7bddf4156629371dba6

C:\Program Files\Mozilla Firefox\nsmB098.tmp\AccessibleMarshal.dll

MD5 603790c20a3c54910d57a264b9570251
SHA1 cc116b933d2765ac44d268202e342132ec30b8a4
SHA256 682a1749e7de1f422f7bef98b726e419eabaf7f5c06d89d75626e51a12729b8d
SHA512 d9807ac77d3df4ed0b3f1be2923f8b61794c37b7bb759c9c5b1ed80c2c629b0ce0c7f8607e98ed4628d3143d8fdcffe7d994e670ac08a55db4934461af8c205a

C:\Program Files\Mozilla Firefox\nsmB098.tmp\updater.exe

MD5 c2592b9f503781be0968b45dc315c5cb
SHA1 767b643a62f0684772dfe8ebab531cd77ae30932
SHA256 8695940daf56386b7b430fb1e5a2b919c27d4ed022184f00d2d3d807e0490dd9
SHA512 4bf55d59419bc731760299c7a62ca09f9a44bb08959adf25ade25e898e323e35d37bba9ea9679fbcf9de1fecf27f287d2699e6763f5dff61f9d330280deee59c

C:\Program Files\Mozilla Firefox\nsmB098.tmp\pingsender.exe

MD5 4d71df73d0ab010ff183ab084b21ae70
SHA1 366b6476dd874867fc353c27a4e59aa0c304ab75
SHA256 0adafbc9288c344b1fbeb66d15f9f5a8b7591ea717aa0a595bfbbd0386b1c53b
SHA512 bfaae4316509f70dd997819ea8d17258adffe8a65819a15b28ce082f11ac16ee7ead735b62d8f3d435e6cf56aa23e1fb07a216078ace5a64bfa31914e31b8637

C:\Program Files\Mozilla Firefox\nsmB098.tmp\nssckbi.dll

MD5 5d5335b59573828065797f308f2fa1fe
SHA1 8d8e5a8886357e9a06a430f7a287e8a6e8329529
SHA256 d7afbe9585e3cad47d1a8f79d37e1b9b8df045f488bde560351d38aa099b2690
SHA512 2fee45b96c15d554f2a432cd54de5836f9cad0bb67bd4265fde24f322452c602bf847980bffe75451876de8bb97c2cef2c2ace83040d963f46e2b31a15a5eafb

C:\Program Files\Mozilla Firefox\nsmB098.tmp\mozwer.dll

MD5 8c54a445b0b1001729d5316b44f91ab0
SHA1 bd30cf31ebe3ad86e2d83aeb69e3aa19914963c3
SHA256 428e5d854ed3857a0e9f40452c67c8d14052b700f6251f87b1d3fd39bb6c9223
SHA512 60ce9f69f6bc00e3f8e8978f8c4b343e06907d461f3cc54a270c5f9c117b4fad262e2a5b7b64335d4f41330391cf2617788f635813288a05043e84b5c04742c3

C:\Program Files\Mozilla Firefox\nsmB098.tmp\minidump-analyzer.exe

MD5 f08625cd6dd4329deee33098f90e5749
SHA1 d2244e60ed758ae9d1ffe396d65f4dd7b4de2f4d
SHA256 2ca82926606185abb84fcfa0231c3d2e1b297331967542108bd344b5c9ed5ec6
SHA512 792fd51cc9f03724003cc210a0c76bfbe0d91a6fc8b98c48ed4fcff69e8a59836a800f600a5a7ce0696113594ad68f5b1d368ddd310201e5c80aaecb00ffa10e

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\unconfirm.ini

MD5 d050fd0e5d7d4ae77869b2ee3debfe8c
SHA1 ee8b642a0a36a2eb8b0dc22a62a328f54ca6684c
SHA256 b390665890fd2cde928b4468c3a15db86e1cae8eed2cd74775b74b22816ad06e
SHA512 5745f4e1968d7d28b5dd760a38c30c9e6747b12283afe6f5fd3f758f78407309910dd6d8be96edc828bdc9d5a6511592d94e59832c04f4d2743e07735f4aecc8

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\modern-header.bmp

MD5 d74f354a7dff27324b463404f4eec99b
SHA1 c0cd9ec50ef163bb868f574db8ca97ccbaa109e4
SHA256 bc08eabb8b11b7693ac5de4db4d787ae31fdc9f29f6020536c838793bb2d4438
SHA512 09116cfc89e16c0cb104e13292976fe8cb97131f309228fd6488a13d2afff4b902ed490f12cb633be232654ceadaee00f23cbe6206677e61c0a9642c72486c4e

C:\Program Files\Mozilla Firefox\nsmB098.tmp\IA2Marshal.dll

MD5 f309a1b32cbb2b87db1504174fa36b8d
SHA1 5c3096985b95f2d69153cdb3666d5f18629da03b
SHA256 ad868b5352811dc328c4e75b2898d45c75c5af8d3b0ac062810d95847a99e0bc
SHA512 a493a111cce1de0ea9d9999a7e1773334a1fc7b7e71115e60b22d0c1b52e439d889865051c6487665d2638705a676f8600653059dc120d9bdb87d8a81b737112

C:\Program Files\Mozilla Firefox\nsmB098.tmp\freebl3.dll

MD5 8756503d2c125b1dacf33a0b699b68c4
SHA1 dfb30b2d3014173cbcc9925bc9f050f45ad58ac3
SHA256 26546a80d7f1c3bcbcc40bdb7af5aa0875374790ddd6dbdb7b9b4c28d981fc82
SHA512 442c71dd32f4e94c45dc9511d1a63201acb5cf4534e5efc3432b5bec305da53e59b31fe84b79dc40b34d97b6f086c3773c224b0b2c3c5b6996f15a345c445268

C:\Program Files\Mozilla Firefox\nsmB098.tmp\firefox.exe

MD5 5c5da5e3ab450e6492f19d1997064450
SHA1 af17eb6eb3dc94d170304ce8dc631eb6b29a54f4
SHA256 74715f009d8d763eff350a5f8d0c762873e379c77abc10122f76f858e3fbb53b
SHA512 4ba9b632e35e4744d4959f2910805caf0551d59b2b77285bf59f46802a17e321a163cb6e3944aed0f255567600297c08fe9f8ae2e8b35abc7d3c1e7298211e04

C:\Program Files\Mozilla Firefox\nsmB098.tmp\default-browser-agent.exe

MD5 c76064f3ba5d2efd882017910b2edd89
SHA1 f7a51531f83da35e0464401b9409f96ee9d3b0b6
SHA256 7a496771d70a37df6b7be6ede2e09c115b02808a67ba37bf63d221d3f7e3a3c1
SHA512 d7522097c1fc42e77b551446910a02e405b53fa85cd6bb187f44acc6defe4bfc248ab6b16cc6e512997213cc195b4ebbfc97030f3aa89c7e20f49b15455ae84f

C:\Program Files\Mozilla Firefox\nsmB098.tmp\crashreporter.exe

MD5 73603c36b4d1522c3402d67ecf657312
SHA1 6a964ae5d681455c320ea0f8611b79a99a35b283
SHA256 7fb934da4bebc1cb81c3e9f5be4dbb3e43aa8098b6e63f5e0b97b3cc105830b4
SHA512 5fdc5f8ab72bd05ebea6068c896a7805211a9bdccf0167f48ac456a1e4283b59001e588d7349e34f8511fa297f98af8d5140c883e6d4a192af8d350a433c0238

C:\Program Files\Mozilla Firefox\nsmB098.tmp\AccessibleHandler.dll

MD5 650e92170be6d72b5b03b4fd57d9c768
SHA1 96afb8675e8d0ddeda7e5188182d2f7bcfc33ae4
SHA256 1f82976a2d2dfb39ecb4aef21390151d6407c4b76f8401e86b6162920c17e622
SHA512 9ba4d29a8557a50e972a77edbc72c05ffe62fca5b238c68ec7325932b554d10a3feacd5ef3a4a004feff41c5d956d2a78ac98cc2688b3a83ebd35e7c9d1d6b2b

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\ApplicationID.dll

MD5 fdc0338e6faeaf6f7c271982e103473b
SHA1 9a41f7932abe8be7e32c6371f085cf14de355d00
SHA256 a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e
SHA512 a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\ShellLink.dll

MD5 fa94d120efb029b43217c66bbc8c650c
SHA1 1fcf2d76adf69b403b7400681ac91d50ed20385f
SHA256 5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db
SHA512 07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\ioSpecial.ini

MD5 532326dd188659fd32a97ee176bc08df
SHA1 c94e7fab40297f9ea4e0e54fa0b2dea63ef95f5e
SHA256 c87907f2466c0060b49e8ed398ae3adde90dc4610e1fe3a8c5a03b4e97206e18
SHA512 6392a7e57d81462716cf0a32cbf6040cbd55527697e92d54f36b2ed8a3d65382b34af6b547c42fb200cff307ff59691ccc986acba8739af881084c9adbc7136e

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\ioSpecial.ini

MD5 24aa7af2dfe7d8e5bf786f5f169ebafe
SHA1 9929275b8be298b5cd86445a23c065b50d5b4dbd
SHA256 d127bd38eb18be6259e4d0f52e3848d5f7baa344e3c020bc3d9984b2ff1a6db4
SHA512 a8aaa10087fe32730ae6707ee77cc0067abff4f4f7d3cda20f4a8ad503f53ec3a04b7b65b2255c0b550398058af34ae846dd2b86a9879df60c4c877987401a3a

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\nsExec.dll

MD5 0e584c7120bd474c616013c58d51dc6b
SHA1 0bc980892341b52985d92fb3d8fbb6be77951935
SHA256 7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391
SHA512 aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\liteFirewallW.dll

MD5 f31ba98a8d87faba153eea134968c854
SHA1 da0865cc1a86a39367f22897e1f9fbf4fb1f804f
SHA256 708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb
SHA512 d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9

C:\Users\Admin\AppData\Local\Temp\nsv9EA6.tmp\Banner.dll

MD5 2b3f617f22f70710aaf7f27efab15c40
SHA1 66c2397748b46c0aa03f0de1d3b1ef0598512f7c
SHA256 2393ee61dff10c520fea62b5d6dc1c3a559fcad55f5cf15b22e1f408692a35f8
SHA512 69295601e8c20a97b512a99afec2609997b589d46a507b2738a6c974ee5b68bde0e56fce150ab1fc4355aa561e8125335378a9c648bbc533bc5b44de1b85b3e5

C:\Games\Malinovka\game\models\grass\grass1_1.dff

MD5 84e3cdac0050a7ea9a87395728b99ac3
SHA1 9efc70003517fb180d4341125c382f826598353b
SHA256 ae0d950738f9abb5d327c413a62a76479a1d686b090d7ba84e51542cc98e264c
SHA512 413d5aa56330adff1576350c9b2fffd6fe35823b31f71e0b65f1ace36430ec66d3b60424834e95d9b7b40078e53216e9e2af693536004351fe6ae6ce3abe4d53

C:\Games\Malinovka\game\models\gta_int.img

MD5 4dd7bbe8d068e9f8e41853581785fba3
SHA1 8c51a799d26d3f80c5134031e4fa932e67f8269d
SHA256 45476ca0c419ea46e34f67c0a7d7dcef12a19ac6a353dc6d6b7529c704b96eb0
SHA512 86fa7c1050797b7304b9e149b38368464081a9d010191fea4cc1cf08ef78f1af6ad85d4e9438a0e5de09448f845ed9a20215f04c6796adc8ad1f888c7b227873

C:\Games\Malinovka\game\malinovka\malinovka.img

MD5 f116a08da20fb21def278fd73d647ebd
SHA1 36f499839f2cd4d10dede3461b7af409a5e3916a
SHA256 cee8ef48734c0650aeb6d7e986a201eef3e0228d1d54b96f49a98ecb21f86a21
SHA512 879a12486b641ddcb14d6acc464838ebc0737a59b0deb44a49192da3326f4822817fc5ce28d6f6673e42b5d00d19ea9f5915408d99c218cb8cb618b5d1749091

C:\Games\Malinovka\game\models\gta3.img

MD5 ac2fb223abadcacac236a248508ba920
SHA1 ffb99b77a7bff8abcd65cf8afc2aaa19da55b2b3
SHA256 27401b9bc2ab6de202087e5729b771551998b1869af507596009ea1d94aaf347
SHA512 66643dcc1852882a3208f23995fcaa4dd28dba8be7dcbf33676e5d6168c6c6fbc4868c709fb44c0ac5e8aadd691e3af85d00d36fc8b557a8ec164cf38855a0ca

C:\Games\Malinovka\game\models\player.img

MD5 5f5f5bfd7dec72bfce5f3ebf59b15c47
SHA1 0c9a7fb28aefa2ac792a4a1616022c2eeec9fa49
SHA256 380e0312885c764ecc22abdb772edbfb1dd483fbe3087193fe064c6767eec0bd
SHA512 3e1deaac5d27b821cb846bc9f2d182983e65e1e20997c7bf87e4231831ba4d86ff4d6d016fbef331a2e682b4ee1f8e9d58f3068247598b35d9828274b2c309cf

C:\Games\Malinovka\game\malinovka\seasons\winter.img

MD5 119235dd714727cdcd5eb2273d952453
SHA1 5b61c23eb03ae5b8cb68608b67340a377e6ebe9f
SHA256 81258dc288e7ce290f31c9bff97e49332c677baa463c63ec9ff0e538cdbffe27
SHA512 93fbbc9ec5912c22c4af761c185748c1a72d8ff4c43aacfb1ab057ee5a059f3e7186ae6b139174f2dcec8897b50bec09173f0cd36c88c1bfe2ddc5ebaf59a402

C:\Games\Malinovka\game\models\gamemod.img

MD5 87631c9315b88e927cb2194446d7fed3
SHA1 800ca8abbb9c3281356a5bbf1c2123648f380b33
SHA256 171845a35d64dd0c32f95efdfc1f1cced4038c052229b9da97d1e951465ed0dc
SHA512 9dfcc019f2ace13c07b89888470766738ae851afda7218155f56c3b02693dcc659a457b4597ca174e49d2f25603eb7908d3f575b33c8d3b77054efa59b5445ed

C:\Games\Malinovka\game\malinovka\malinovka2.img

MD5 cc82c662bffde8443e2e82366f0ad9bb
SHA1 ae99e4ede47736674c42eeaec75cd456d44d4d66
SHA256 a327ed2cd1ee48be66af8ebda72e332f9ac06e3b46313caa49d2d1df0b178d4a
SHA512 9d71361e122326d2a7d7ec0dde081f20994f1ed4f3393218e6181fd3f87659a5879b49909e4b87a49526224e0a67b471f962413bab6e1c2999f43fd43d858cb7

C:\Games\Malinovka\game\malinovka\seasons\autumn.img

MD5 e9e4e851ab4ae2f2e36b23e904cb3ec7
SHA1 774de7fa71d571719a88df32f745d1bdd10842d2
SHA256 d1104d1b1a8f4c675fe829634c53ab94482ddad13672e898ff23699df4cd789e
SHA512 d793566d3c04e5c75a5169162065bb4c2ff9c2160a6542e69a4c61e7344b75be41b78e4545da824c057d60b00cb974c404ef8008d0f0be84d1fd2f2c9ccb4569

C:\Games\Malinovka\game\malinovka\seasons\summer.img

MD5 f6323da9f2ee4fc4d14624fc8fef6c89
SHA1 af74efd4c236b1df3b1e987e002a4e4e64224a3d
SHA256 d90f7827dd8c64c2a812a9338c53252bd88980f7f5db3d44c60eebcc6eeed77d
SHA512 88769eaa6f90484e5ad710e8227e1d29c783013f1d7d5de91a38239a8e165b906d7f0ebeeb3077bf6b2128830c952c2fcc67a8c3d0e5d7cdc25ad65c99336f3e

C:\Games\Malinovka\game\audio\streams\AA

MD5 4f835c7eb0da523f8b728877052f1cdf
SHA1 c12d0b46e8d3cc5d63dc1651c56a3555d5bfaeab
SHA256 484a1e6fa2ad1ae91ceea9a3e260cfdf54fb3396388d022c5887f1453c9bdd57
SHA512 d5569f89f36b28b293a67a9a36f9cca588fe44a81a2ae17bfd2c4867bab68995451984781306abc9f3e725c55ae2597c51ce0664051390978909ee136cf62607

C:\Games\Malinovka\game\data\decision\m_weak.ped

MD5 cf979d9712f478d0deb92fbb11c6ff2e
SHA1 b8023f8c1a39705db456a79dd917b745ed46dcec
SHA256 26fc955b2ff4f0fbc83ba75ddbd14b5ec347775ce2088e7066a389ea2e409d41
SHA512 85f73cc169b6eccad41126e48297e63a82b859efe74e330814d5317badb117fe2ccc3f4ca8a3016d70a738bc41c571ee0972fa8d72c3a3cf76507051ae259016

C:\Users\Admin\Documents\Malinovka\cef\cache\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b